skip to main content
Router Security Advisory: Realtek SDK miniigd : Authentication Bypass - Remote Code Execution Vulnerability

Overview:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of a router with select Realtek SDKs. Authentication is not required to exploit this vulnerability. The specific flaw exists within the miniigd SOAP service.

References:
Discovered by Ricky "HeadlessZeke" Lawshae
Zero Day Initiative Disclosure: Click here (hyperlink to: http://www.zerodayinitiative.com/advisories/ZDI-15-155/)

Update Date: 5/4/2015
Affected TRENDnet Products
NOTE: TRENDnet routers with a Realtek chipset, which TRENDnet currently offers, are NOT affected by the published vulnerability. No action is required for related routers.

Affected Discontinued Products
Model Hardware Version(s) Firmware Versions New Firmware to Fix Exploit
TEW-651BR V1.0
V2.0
V2.04b01 and older Available June 12, 2015
TEW-652BRP V1.0
V2.0
V3.0
V3.03b01 and older Available June 12, 2015
TEW-711BR V1.0 V1.02b05 and older Now Available
TEW-731BR V1.0 V1.02b05 and older Now Available