bleepingcomputer[.]com/news/security/exploit-out-for-critical-realtek-flaw-affecting-many-networking-devices/
Researchers from cybersecurity company Faraday Security in Argentina discovered the vulnerability in Realtek’s SDK for the open-source eCos operating system and disclosed the technical details last week at the DEFCON hacker conference.
Realtek addressed the issue in March, noting that it affects rtl819x-eCos-v0.x series and rtl819x-eCos-v1.x series and that it could be exploited through a WAN interface.
The four researchers from Faraday Security have developed proof-of-concept (PoC) exploit code for CVE-2022-27255 that works on Nexxt Nebula 300 Plus routers.
They also shared a video showing that a remote attacker could compromise the device even if remote management features are turned off.
The researchers note that CVE-2022-27255 is a zero-click vulnerability, meaning that exploitation is silent and requires no interaction from the user.
An attacker exploiting this vulnerability would only need the external IP address of the vulnerable device.
I couldn't find a list of affected devices -- the Realtek chips are used in routers, WiFi extenders & access points, USB WiFi dongles, laptops, probably PCs, tablets etc... Start checking manufacturer sites for firmware updates.