Realtek eCos SDK SIP ALG buffer overflow


People from Faraday Security presented excellent research at DEFCON 30 this year on the “hidden attack surface of OEM IoT devices”.

Their talk discussed the different research steps they took, culminating with the discovery and exploitation of CVE-2022-27255.

This vulnerability is a buffer overflow vulnerability affecting Realtek’s eCos SDK, specifically the SIP ALG parser. It can be triggered from WAN by unauthenticated attackers using a single UDP packet. There is no workaround except for vendors to update their Realtek’s dependencies. The SIP parser is always enabled, regardless of device settings.

You can find all their research products on Github at

Tagged #ecos, #realtek.