Published: 01/08/2022 Updated: 30/09/2022

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an malicious user to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data.

Vulnerable Product	Search on Vulmon	Subscribe to Product
realtek ecos_rsdk_firmware 1.5.7p1
realtek ecos_msdk_firmware 4.9.4p1

Simple checker for CVE-2022-27255 using poc_crash and telnet availability

CVE-2022-27255-checker Simple checker for CVE-2022-27255 using poc_crash and telnet availability Code is simplified and using minimal external libs Usage: checkerpy Original: githubcom/infobyte/cve-2022-27255/blob/main/exploits_nexxt/poc_crashpy

CVE-2022-27255 - Realtek eCos SDK SIP ALG buffer overflow This repository contains the materials for the talk "Exploring the hidden attack surface of OEM IoT devices: pwning thousands of routers with a vulnerability in Realtek’s SDK for eCos OS", which was presented at DEFCON30 The contents of this repo include: analysis: Automated firmware analysis to detect

CWE-20 https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2022-27255.pdf https://forum.defcon.org/node/241835 https://nvd.nist.gov https://github.com/stryker-project/CVE-2022-27255-checker

CVE-2022-27255

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect