According to new reports from an independent security researcher known in the community only as “HeadlessZeke,” select routers from D-Link and TrendNet could be open to remote code execution thanks to a flaw in the Realtek SDK code inside their firmware (affected devices announce themselves with a UPnP banner of “RealTek/v1.3”).
No complete list of vulnerable models has been published yet. What is known so far is that the bug lives in the Realtek software development kit, so any router whose firmware was built with that SDK is potentially affected. If the timeline from the Zero Day Initiative is to be believed, Zeke had been pestering manufacturers known to have shipped affected routers for upwards of two years before finally testing out the vulnerability himself with the help of engineers at ZDI.
“The specific flaw exists within the miniigd SOAP service. The issue lies in the handling of the NewInternalClient requests due to a failure to sanitize user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges,” read the advisory posted last week.
Currently the only practical way to know whether your specific device is affected is to probe its UPnP service yourself, for example with an SSDP discovery scan (Metasploit ships a UPnP scanner module that does this). If the SERVER banner that comes back contains anything that looks like “RealTek/v1.3”, your router is a candidate for this exploit. A router that does not answer at all is not necessarily safe: it may simply have UPnP switched off, or the multicast probe may not have reached it.
As we noted in our Decrypt This breakdown last week, researchers have found that these types of problems can be sidestepped, at least until a firmware fix ships, by disabling the universal plug-and-play option in your router’s settings, since the vulnerable miniigd SOAP service is part of the router’s UPnP stack.
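The banner check described above, and the “no answer means UPnP is probably off” caveat, can be scripted in a few lines. The following is an added example written for this article, not code from HeadlessZeke, ZDI or Metasploit: it sends a standard SSDP M-SEARCH to the UPnP multicast group, parses each reply’s SERVER header, and flags anything matching “Realtek/V1.3”. The sample replies embedded in the script are constructed for illustration (the exact banner string and the second vendor name are assumptions), so the triage logic can be exercised without touching a live network.

```python
import re
import socket

SSDP_ADDR = "239.255.255.250"   # standard SSDP multicast group
SSDP_PORT = 1900                # standard SSDP port

# The article says affected firmware identifies itself as "RealTek/v1.3";
# the match is case-insensitive because vendors vary the capitalisation.
VULNERABLE_BANNER = re.compile(r"realtek/v1\.3", re.IGNORECASE)

# Standard UPnP discovery request; any UPnP-capable device answers with
# an HTTP-style response over UDP.
M_SEARCH = (
    "M-SEARCH * HTTP/1.1\r\n"
    f"HOST: {SSDP_ADDR}:{SSDP_PORT}\r\n"
    'MAN: "ssdp:discover"\r\n'
    "MX: 2\r\n"
    "ST: upnp:rootdevice\r\n"
    "\r\n"
)

# Constructed sample replies (not captured from real devices). The first
# banner is an assumed Realtek SDK string; the second is a made-up vendor.
SAMPLE_RESPONSES = [
    b"HTTP/1.1 200 OK\r\n"
    b"CACHE-CONTROL: max-age=1800\r\n"
    b"LOCATION: http://192.168.0.1:52869/picsdesc.xml\r\n"
    b"SERVER: OS 1.0 UPnP/1.0 Realtek/V1.3\r\n"
    b"ST: upnp:rootdevice\r\n"
    b"\r\n",
    b"HTTP/1.1 200 OK\r\n"
    b"LOCATION: http://192.168.0.20:49152/description.xml\r\n"
    b"SERVER: Linux/3.10 UPnP/1.1 ExampleVendor-UPnP/1.0\r\n"
    b"ST: upnp:rootdevice\r\n"
    b"\r\n",
]


def parse_ssdp_response(raw: bytes) -> dict:
    """Parse the header block of an SSDP reply into a dict with lower-cased keys."""
    text = raw.decode("latin-1", errors="replace")
    headers = {}
    for line in text.split("\r\n")[1:]:      # skip the "HTTP/1.1 200 OK" status line
        if not line.strip():                 # blank line ends the header block
            break
        if ":" not in line:
            continue
        name, value = line.split(":", 1)     # split on the first colon only (LOCATION has more)
        headers[name.strip().lower()] = value.strip()
    return headers


def classify_banner(server_header):
    """Map a SERVER header to a triage verdict."""
    if server_header is None:
        return "unknown"
    if VULNERABLE_BANNER.search(server_header):
        return "potentially-vulnerable"
    return "other"


def triage(responses):
    """Classify a list of raw SSDP replies; returns [(server_banner, verdict), ...]."""
    out = []
    for raw in responses:
        server = parse_ssdp_response(raw).get("server")
        out.append((server, classify_banner(server)))
    return out


def discover(timeout: float = 2.0):
    """Send one M-SEARCH and collect every reply until the timeout elapses.

    An empty result means no UPnP-speaking device answered: consistent with
    UPnP being disabled on the router, or with multicast not reaching it.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
    sock.settimeout(timeout)
    results = []
    try:
        sock.sendto(M_SEARCH.encode("ascii"), (SSDP_ADDR, SSDP_PORT))
        while True:
            data, (ip, _port) = sock.recvfrom(65535)
            server = parse_ssdp_response(data).get("server")
            results.append((ip, server, classify_banner(server)))
    except socket.timeout:
        pass
    finally:
        sock.close()
    return results


if __name__ == "__main__":
    found = discover()
    if not found:
        print("No SSDP replies: UPnP appears to be off, or the probe was blocked.")
    for ip, server, verdict in found:
        print(f"{ip:15} {verdict:22} {server}")
```

Run it from a machine on the router’s LAN; a “potentially-vulnerable” line is a reason to check the vendor’s firmware page, and an empty result after disabling UPnP is the quickest confirmation that the workaround took effect.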
UPnP seems to be one of the primary avenues through which attackers find the most success in cracking routers of their choosing. Considering how few home users actually need what UPnP provides (automatic port forwarding for applications on the local network) now that so much sharing happens through cloud services, maybe it’s high time that companies like D-Link and Netgear start disabling the option by default, rather than shipping with it already switched on.