Menu
What's new
By:
Filters Better Search

News CVE-2022-27255 Realtek eCos SDK-based routers, the ‘SIP ALG’ module is vulnerable to buffer overflow.

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Wallace_n_Gromit

Wallace_n_Gromit

Senior Member
www.bleepingcomputer.com

Exploit out for critical Realtek flaw affecting many networking devices

Exploit code has been released for a critical vulnerability affecting networking devices with Realtek's RTL819x system on a chip (SoC), which are estimated to be in the millions.
www.bleepingcomputer.com www.bleepingcomputer.com

.pdf

CVE-2022-27255 - In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a sta - CVE-Search

Common Vulnerability Exposure most recent entries
cve.circl.lu cve.circl.lu

CVE-2022-27255

In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data.
www.tenable.com www.tenable.com
 

Attachments

  • Screenshot 2022-08-24 at 11-55-00 Security Now! #885 - 08-23-22 - The Bumblebee Loader - SN-88...png
    Screenshot 2022-08-24 at 11-55-00 Security Now! #885 - 08-23-22 - The Bumblebee Loader - SN-88...png
    400.1 KB · Views: 90
www.snbforums.com

Asus/Merlin exposure to CVE-2022-27255?

Does ASUS Merlin make use of the RealTek eCos RSDK? Any exposure to CVE-2022-27255? Articles like this one list ASUS as an impacted vendor, but presumably that would only be on the minority of ASUS devices not using Broadcom chips? Thanks, Ben
www.snbforums.com www.snbforums.com
 
ColinTaylor said:
www.snbforums.com

Asus/Merlin exposure to CVE-2022-27255?

Does ASUS Merlin make use of the RealTek eCos RSDK? Any exposure to CVE-2022-27255? Articles like this one list ASUS as an impacted vendor, but presumably that would only be on the minority of ASUS devices not using Broadcom chips? Thanks, Ben
www.snbforums.com www.snbforums.com
Click to expand...
That's why I posted the CVE in General Network Security. The information might be of interest to some. Tried to provide some extra, hopefully, informative content.
 
Last edited:
You must log in or register to reply here.

Similar threads

R
Critical Realtek vulnerabilities and 374 LTS
Replies
3
Views
2K
Igor
I
Similar threads
Thread starter Title Forum Replies Date
D News Windows Wi-Fi Driver Remote Code Execution Vulnerability CVE-2024-30078 General Network Security 2
sfx2000 News SSID Confusion attack, tracked as CVE-2023-52424 General Network Security 4
D News Universal local privilege escalation linux cve-2024-1086 General Network Security 0
XIII CVE-2024-31497: PuTTY vulnerability vuln-p521-bias General Network Security 3
sfx2000 CVE-2024-3094 - XZ Utils Backdoor - addtional info General Network Security 12

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 881 (members: 30, guests: 851)
Top