Thinkpads Forum

Interesting.. So apparently the software running on a WiFi router with Realtek hardware inside may be vulnerable allowing the attacker take control of the WiFi router and do whatever: intercept local traffic at home or better use that router in a denial of service attach against some organisation or website.

The attacker generally needs to be on the same Wi-Fi network as the vulnerable device, but IoT Inspector noted that faulty ISP configurations can expose vulnerable devices directly to the internet

Hmm.. Thx! In any case I checked the brand of my router and found out the hardware inside doesn't seem associated with Realtek.

It's not just routers that are in danger.
What about all those Thinkpads that came ex factory with a Realtek wifi card?
You don't want those crappy cards to begin with...

I don't think anything is in danger, really.

The attacker generally needs to be on the same Wi-Fi network as the vulnerable device, but IoT Inspector noted that faulty ISP configurations can expose vulnerable devices directly to the internet

This already makes it mostly a non-issue unless you use an ISP-provided router that has a Realtek module, or expose your management interface to the web, or have no Wifi security.

RealBlackStuff wrote: ↑

Fri Aug 27, 2021 11:41 pm

What about all those Thinkpads that came ex factory with a Realtek wifi card?

Not affected as far as I understand the CVE. The vulnerability is specific to the SDK that is used for Realtek's APs/routers, not clients.

I doubt anyone will come out to Flyover Country to exploit a bug in my router in the middle of no where.