Security researcher Ricky “HeadlessZeke” Lawshae warned HP’s Zero Day Initiative two years ago that the remote command-injection bug affects routers that were developed using the popular RealTek software development kit. It still has not been fixed.
This means that Trendnet and D-Link routers would be in trouble, although there is no comprehensive list of manufacturers or models that are affected.
A user can find out by using Metasploit to query their router. If the response contains “RealTek/v1.3” or similar, it is potentially toast.
Now the organisers of HP’s Zero Day Initiative (ZDI) have written an advisory highlighting the problem.
“Given the stated purpose of Realtek SDK, and the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with products using Realtek SDK service should be permitted to communicate with it.”
ZDI officials went on to recommend the use of a firewall to block outside connections. Other researchers said that turning off a router’s universal plug and play may also prevent exploits.