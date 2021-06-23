

Realtek AP-Router SDK vulnerabilities could impact millions of routers and IoT devices

Submitted by Rianne Schestowitz on Wednesday 18th of August 2021 10:00:57 AM Filed under
Linux

The IoT Inspector Research Lab has discovered four high and critical vulnerabilities in the Realtek AP-Router “Jungle” SDK used for RTL819x SoCs that could impact millions of WiFi routers and dongles.

An attacker can use a network attack, i.e. one that needs no physical access to the device, to trigger a buffer or stack overflow that helps them access the system and execute their own code. Realtek has released an advisory (PDF) with patchsets for all four vulnerabilities, so you should upgrade the firmware if you can.


More in Tux Machines

Proprietary Software Leftovers

  • Redaction Failure Shows Grayshift Is Swearing Cops To Secrecy About Its Phone-Cracking Tech

    Law enforcement loves its new tech advances. It also hates to talk about them, operating under the assumption that the business of serving the public isn't the public's business. When pressed, officials will say something about staying one step ahead of criminals. But more often the opacity is nothing more than antagonism directed at people who expect transparency from those cashing publicly funded paychecks.

  • LockBit 2.0 Ransomware Proliferates Globally

    The LockBit ransomware-as-a-service (RaaS) gang has ramped up its targeted attacks, researchers said, with attempts against organizations in Chile, Italy, Taiwan and the U.K. using version 2.0 of its malware.

    Attacks in July and August have employed LockBit 2.0, according to a Trend Micro analysis released on Monday, featuring a souped-up encryption method.

  • Top researcher slams Microsoft over 'astonishingly bad' security advisories

    A well-known security researcher has slammed Microsoft for its "astonishingly bad" security advisories, pointing to the wording in a TCP/IP remote code execution vulnerability released on 10 August this year as an example.

  • BlackBerry software flaw could impact cars, medical devices - U.S. agencies

    The warning came after the Canadian company disclosed that its QNX Real Time Operating System has a vulnerability that could allow an attacker to execute arbitrary code or flood a server with traffic until it crashes or gets paralyzed.

    The software is used by automakers including Volkswagen, BMW and Ford Motor in many critical functions including the Advanced Driver Assistance System.

today's howtos

  • Install VistA on GT.M or YottaDB

    A Mumps database (like VistA) is a series of routines and globals (a global in Mumps really means a file on disk). To load VistA into GT.M/YottaDB, you need to obtain these from the CACHE.DAT distributed by the VA. Efforts are underway to lobby the VA to distribute the FOIA instance as a set of globals and routines, rather than in a proprietary format.

    Since the establishment of OSEHRA, each monthly update of FOIA is exported as routines and globals in zwrite format at GitHub. In addition, DSS vxVistA can be obtained from this repository and WorldVistA can be obtained from here.

    In our example, for setting up a VistA Database, we will use FOIA VistA.

  • How To Install and Secure MongoDB on CentOS 8 – TecAdmin

    MongoDB is a popularly used document-oriented NoSQL database program. The term NoSQL refers to "not only SQL", which is an approach to designing databases. A NoSQL database is modeled in a way that the storage and retrieval of data are done through documents, instead of using the tabular structure (tables and rows) used in the more traditional relational databases. MongoDB is a general-purpose database in which data is stored in flexible JSON-like documents in key-value pairs. Each MongoDB database has collections that contain documents. These documents can have different sizes, contents, and numbers of fields. It supports an optional schema model which means that the blueprint of the database doesn’t need to be defined beforehand. The MongoDB databases are very scalable. The document-oriented model makes MongoDB very flexible. It is great at load balancing and duplicating data and can run on multiple servers. These features allow it to keep the system running even if there is hardware failure. Following are some of the key features of MongoDB...

  • How To Mount Google Drive On Linux Operating Systems | Itsubuntu.com

    Thinking of using Google Drive on your Linux-based operating system? Then this tutorial is for you. In this tutorial post, we are going to show you the basic idea behind mounting Google Drive on Linux operating systems.

  • How to Install Ionic Framework on Debian 11 - LinuxCapable

    Ionic Framework is a free and open-source toolkit for building performing, high-quality mobile and desktop apps. Ionic comes with integrations for popular frameworks like Angular, React, and Vue and is one of the more popular frameworks amongst developers today in the mobile applications field. In the following tutorial, you will learn how to install Ionic Framework on your Debian 11 Bullseye, its dependencies, create a project, and learn how to start the test application.

  • How to Install KDE Plasma in Linux Desktop

    KDE is a well-known desktop environment for Unix-like systems, designed for users who want to have a nice desktop environment for their machines. It is one of the most used desktop interfaces out there.

Games: Virtual Reality, AMD, and Among Us

  • Having VR issues on Linux? You should look to disable async reprojection | GamingOnLinux

    Virtual Reality is still a niche and doing it on Linux is a niche within a niche, that said when it works it's brilliant but there's a few problematic issues that have arisen recently. After having played a great many hours, and picking up a fan to prevent myself overheating, I feel it's safe to say I'm now a huge fan of VR. Sadly though, there are times where updates roll out with SteamVR that cause problems on Linux and it doesn't really seem much of a priority for Valve to fix (compared with updating Proton).

  • Is AMD Ryzen Good For Gaming? The Best AMD CPUs Reviewed - Make Tech Easier

    Is AMD Ryzen good for gaming? This has been a pretty common question since the initial launch of the Ryzen series in 2015. Even today, there can be legitimate debates launched when AMD fails to compete with Intel in some way. To properly answer the question, we need to dive into the details of how AMD has competed with Intel in the CPU space and provide good Ryzen CPU recommendations.

  • Among Us not connecting on Linux with Proton? Here's a simple fix | GamingOnLinux

    Among Us continues to be a very popular game and it can run quite nicely on Linux with Steam Play Proton, however if you have issues with it not connecting or getting a black screen - there's a really simple fix. One reason we're bringing this up, is that recently Epic Games released a new game mode for Fortnite called Fortnite Impostors. No guessing needed where they got the idea and terminology from. There's been a lot of talk on how Epic with Fortnite has, again, copied a developer without credit. The Among Us developers don't seem to be particularly amused by this either. Epic teams up with all sorts of brands but apparently not indie game developers.


Content available under CC-BY-SA

© by original authors
