* [Cerowrt-devel] binary blobs struck again
@ 2022-08-17 21:07 Dave Taht
2022-08-17 23:39 ` Matt Taggart
0 siblings, 1 reply; 2+ messages in thread
From: Dave Taht @ 2022-08-17 21:07 UTC (permalink / raw)
To: cerowrt-devel
lack of trust in turtles all the way own.
https://www.bleepingcomputer.com/news/security/exploit-out-for-critical-realtek-flaw-affecting-many-networking-devices/
--
FQ World Domination pending: https://blog.cerowrt.org/post/state_of_fq_codel/
Dave Täht CEO, TekLibre, LLC
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [Cerowrt-devel] binary blobs struck again
2022-08-17 21:07 [Cerowrt-devel] binary blobs struck again Dave Taht
@ 2022-08-17 23:39 ` Matt Taggart
0 siblings, 0 replies; 2+ messages in thread
From: Matt Taggart @ 2022-08-17 23:39 UTC (permalink / raw)
To: cerowrt-devel
On 8/17/22 14:07, Dave Taht via Cerowrt-devel wrote:
> lack of trust in turtles all the way own.
>
> https://www.bleepingcomputer.com/news/security/exploit-out-for-critical-realtek-flaw-affecting-many-networking-devices/
More justification for your mass-router-trade-in-refurb program :)
Seriously, there should be a press release.
eCos seems to just be the embedded O/S in these router devices, so
presumably if you had linux/openwrt/etc on these devices you wouldn't be
affected?
Realtek's former website http://www.realtek.com.tw/ doesn't resolve, but
they seem to have realtek.com too. Here are a couple related product pages
https://www.realtek.com/en/products/communications-network-ics/item/rtl8196e
https://www.realtek.com/en/products/communications-network-ics/item/rtl8197f
Here's a good wiki page
https://wikidevi.wi-cat.ru/Realtek/SoC
http://en.techinfodepot.shoutwiki.com/wiki/Realtek/SoC (same page?)
Seems to be AKA Lexra and never really got full OpenWRT support
https://openwrt.org/docs/techref/hardware/soc/soc.realtek
most of the people attempting things seemed to be working on it back in
the Barrier Breaker days and there hasn't been anything since then.
So we can't just advocate people install openwrt on them.
Probably all the devices are 4mb flash and 32mb ram or worse, so at this
point should just be recycled anyway
https://openwrt.org/supported_devices/432_warning
Searching on the openwrt table of hardware I found a few popular devices
that received hardware revs to use it and never got support:
D-Link DIR-615 Revs J1, M1, T1
https://openwrt.org/toh/d-link/dir-615#unsupported_versions
NETGEAR WNR612 Rev v3
https://openwrt.org/toh/netgear/wnr612v2
Maybe someone will write a worm that just bricks them... (NOT ADVOCATING
FOR SUCH A THING, THAT WOULD BE ILLEGAL)
rtl819x seems to be the general name of the SoC but it's really just
rtl8196/rtl8197 and there are other devices with rtl819* names, mostly
wireless
https://wireless.wiki.kernel.org/en/users/drivers/rtl819x
https://wiki.debian.org/rtl819x
https://openwrt.org/docs/techref/driver.wlan/rtl819x
Also common rtl81* things:
* RTL8111/8168/8411 pci-e gigabit NICs (r8169 driver)
* RTL8153 usb gigabit NIC (r8152 driver)
Many of these realtek devices can load firmware binary blobs and those
are found at
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git
(see rt*) and are available on Debian in the non-free firmware-realtek
package. If anyone finds exploits in those then we're _really_ in trouble...
--
Matt Taggart
matt@lackof.org
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-08-17 23:39 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-08-17 21:07 [Cerowrt-devel] binary blobs struck again Dave Taht
2022-08-17 23:39 ` Matt Taggart
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox