
Affected Systems: Networking devices containing Realtek’s RTL819x system on a chip.

Description:

Researchers from Faraday Security, a cyber security company based in Argentina, have released exploit code for a vulnerability tracked as CVE-2022-27255 that would allow a remote attacker to compromise vulnerable Realtek network devices and execute code without authentication. Notably, no user interaction is needed for this vulnerability to be successfully exploited. Researchers detailed how an attacker would only need the external IP address of a vulnerable device to exploit it.

Although Realtek released a patch for this vulnerability in March 2022, many devices (routers, access points and signal repeaters) are still vulnerable, because the manufacturers using the chip (of which there are at least 20) are responsible for distributing the update to end-user devices. Many vendors known to have used vulnerable chips in their products have yet to release an update to fix this vulnerability.

Should a device be compromised, attackers can not only execute arbitrary code but also crash the device, establish backdoors, and reroute and intercept network traffic. Researchers have warned that if the exploit turns into a worm, it could quickly spread across the internet.

The researchers’ slides from their talk at DEF CON on this subject can be found here.

Preventions:

If you are using any devices built on the Realtek eCOS SDK that were manufactured before March 2022, check the device manufacturer for any updates released after March, and update all devices as soon as possible. If no updates are available for a vulnerable device, consider blocking unsolicited User Datagram Protocol (UDP) requests to your organisation’s network, as the published exploit uses a single UDP packet to gain access to the device.
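
One way to express the "block unsolicited UDP" mitigation above, as an added example that is not part of the original advisory: an nftables ruleset for a Linux perimeter firewall placed upstream of the devices that cannot be patched. The interface name `wan0`, the table and chain names, and the commented-out service exception are assumptions to adapt.

```nftables
#!/usr/sbin/nft -f
# Added example (not from the advisory): drop UDP arriving from the Internet
# unless it is a reply to traffic that was initiated from the inside.
# Assumption: "wan0" is the Internet-facing interface of this firewall.
define WAN_IF = "wan0"

table inet udp_guard {
    # Shared policy for UDP datagrams that arrived on the WAN side.
    chain unsolicited_udp {
        # Replies to flows started from inside (DNS, NTP, QUIC, ...) are
        # tracked by conntrack and stay allowed.
        ct state established,related accept

        # Hypothetical exception: a UDP service you deliberately publish
        # must be allowed explicitly, and only towards a patched host.
        # udp dport 51820 ip daddr 192.0.2.10 accept

        # Rate-limited log so dropped datagrams can be reviewed without
        # flooding the log during a scan.
        limit rate 5/second log prefix "unsolicited-udp "

        # Everything else is a new, unsolicited datagram: count and drop.
        counter drop
    }

    # Traffic routed through this firewall towards internal devices.
    chain forward {
        type filter hook forward priority 0; policy accept;
        iifname $WAN_IF meta l4proto udp jump unsolicited_udp
    }

    # Traffic addressed to the firewall host itself.
    chain input {
        type filter hook input priority 0; policy accept;
        iifname $WAN_IF meta l4proto udp jump unsolicited_udp
    }
}
```

The filter only helps when it sits in front of the vulnerable device; if the unpatched Realtek-based router is itself the Internet edge, the packet reaches it before any rule like this can apply. Validate the file with `nft -c -f <file>` before loading it.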
