Skip to content

No patch for remote code-execution bug in D-Link and Trendnet routers – Ars Technica


Home and small-office routers from manufacturers including Trendnet and D-Link are vulnerable to attacks that allow attackers anywhere in the world to execute malicious code on the devices, according to an advisory issued over the weekend.

The remote command-injection bug affects routers that were developed using the RealTek software development kit. That includes routers from Trendnet and D-Link, according to the developer who discovered the vulnerability. There’s no comprehensive list of manufacturers or models that are affected, though more technical users may be able to spot them by using the Metasploit framework to query their router. If the response contains “RealTek/v1.3” or similar, it’s likely vulnerable.

The remote code-execution vulnerability resides in the “miniigd SOAP service” as implemented by the RealTek SDK. Security researcher Ricky “HeadlessZeke” Lawshae reported it to HP’s Zero Day Initiative (ZDI) in August 2013. ZDI, which uses such vulnerability information to block attacks in its line of intrusion prevention services, then reported it to officials inside RealTek. After 20 months of inaction, the HP division disclosed it publicly even though no fix has been released.

“Given the stated purpose of Realtek SDK, and the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines,” ZDI officials wrote in an advisory published Friday. “Only the clients and servers that have a legitimate procedural relationship with products using Realtek SDK service should be permitted to communicate with it.”

One Comment
  1. Reblogged this on TheFlippinTruth.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: