Get rid of your Realtek wifi stuff!

[RealBlackStuff]

Cybersecurity warning: Realtek flaw exposes dozens of brands to supply chain attacks]

[atagunov]

Interesting.. So apparently the software running on a WiFi router with Realtek hardware inside may be vulnerable allowing the attacker take control of the WiFi router and do whatever: intercept local traffic at home or better use that router in a denial of service attach against some organisation or website.

The attacker generally needs to be on the same Wi-Fi network as the vulnerable device, but IoT Inspector noted that faulty ISP configurations can expose vulnerable devices directly to the internet

Hmm.. Thx! In any case I checked the brand of my router and found out the hardware inside doesn't seem associated with Realtek.

[RealBlackStuff]

It's not just routers that are in danger.
What about all those Thinkpads that came ex factory with a Realtek wifi card?
You don't want those crappy cards to begin with...

[dr_st]

I don't think anything is in danger, really.

The attacker generally needs to be on the same Wi-Fi network as the vulnerable device, but IoT Inspector noted that faulty ISP configurations can expose vulnerable devices directly to the internet

This already makes it mostly a non-issue unless you use an ISP-provided router that has a Realtek module, or expose your management interface to the web, or have no Wifi security.

What about all those Thinkpads that came ex factory with a Realtek wifi card?

Not affected as far as I understand the CVE. The vulnerability is specific to the SDK that is used for Realtek's APs/routers, not clients.

[MikalE]

I doubt anyone will come out to Flyover Country to exploit a bug in my router in the middle of no where.