News CVE-2022-27255 Realtek eCos SDK-based routers, the ‘SIP ALG’ module is vulnerable to buffer overflow.

[Wallace_n_Gromit]

Exploit out for critical Realtek flaw affecting many networking devices

Exploit code has been released for a critical vulnerability affecting networking devices with Realtek's RTL819x system on a chip (SoC), which are estimated to be in the millions.

www.bleepingcomputer.com

https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2022-27255

.pdf

CVE-2022-27255 - In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a sta - CVE-Search

Common Vulnerability Exposure most recent entries

cve.circl.lu

CVE-2022-27255

In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data.

www.tenable.com

 

[ColinTaylor]

Asus/Merlin exposure to CVE-2022-27255?

Does ASUS Merlin make use of the RealTek eCos RSDK? Any exposure to CVE-2022-27255? Articles like this one list ASUS as an impacted vendor, but presumably that would only be on the minority of ASUS devices not using Broadcom chips? Thanks, Ben

www.snbforums.com

 

[Wallace_n_Gromit]

Asus/Merlin exposure to CVE-2022-27255?

Does ASUS Merlin make use of the RealTek eCos RSDK? Any exposure to CVE-2022-27255? Articles like this one list ASUS as an impacted vendor, but presumably that would only be on the minority of ASUS devices not using Broadcom chips? Thanks, Ben

www.snbforums.com

That's why I posted the CVE in General Network Security. The information might be of interest to some. Tried to provide some extra, hopefully, informative content.

 

[ColinTaylor]

Just trying to head off the inevitable "Is Merlin effected by this?" posts.