Flaw in Realtek SDK for wireless chipsets exposes routers to hacking
The software that controls wireless networking chipsets made by Realtek Semiconductor contains a critical vulnerability that could allow attackers to compromise home routers.
The flaw exists in a firmware component called miniigd that’s present in router models based on Realtek chipsets. The component is part of the software development kit (SDK) for RTL81xxx chipsets that Realtek provides to router manufacturers.
The vulnerability was discovered by Ricky Lawshae, a researcher with Hewlett-Packard’s TippingPoint Digital Vaccine Labs (DVLabs) which runs the well-known Zero-Day Initiative (ZDI) bug bounty program.
“An attacker could leverage this vulnerability to execute code with root privileges,” the ZDI team said in an advisory published Friday. Exploitation does not require authentication, it said.