|Number of vulnerabilities||1|
|Public exploit||This vulnerability is being exploited in the wild.|
Universal components / Libraries / Software for developers
This security bulletin contains one critical risk vulnerability.
Exploit availability: YesDescription
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists within the miniigd SOAP service due to a failure to sanitize user data before executing a system call when handling malicious requests. A remote attacker can supply specially crafted NewInternalClient requests and execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
Note: the vulnerability is being exploited by various attachers to deliver several Mirai variants (e.g., Satori, JenX, etc.).
Given the stated purpose of Realtek SDK, and the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with products using Realtek SDK service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in http://technet.microsoft.com/en-us/library/cc725770%28WS.10%29.aspx and numerous other Microsoft Knowledge Base articles.Vulnerable software versions
Realtek SDK: All versionsCPE2.3
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?