24 August 2021

Hackers rush to exploit recently disclosed Realtek SDK vulnerabilities

Researchers at cybersecurity company SAM are warning of hackers attempting to exploit a recent set of dangerous vulnerabilities in Realtek SDK that came to light earlier this month.

Tracked as CVE-2021-35392, CVE-2021-35393, CVE-2021-35394 and CVE-2021-35395, the critical flaws reside in Realtek chipsets used in hundreds of thousands of smart devices from at least 65 vendors, including Asus, Belkin, D-Link, Netgear, Tenda, ZTE, and Zyxel, to name a few. The affected devices range from residential gateways and travel routers to Wi-Fi repeaters, IP cameras, smart lighting gateways and connected toys, according to security firm IoT Inspector, which first disclosed the flaws.

By exploiting these vulnerabilities, remote unauthenticated attackers can fully compromise the target device and execute arbitrary code with the highest level of privilege.

Just days after the details of the vulnerabilities were made public, SAM researchers noticed that one of the flaws (CVE-2021-35395) was being exploited in the wild to spread a Mirai variant - the same variant spotted in March by Palo Alto Networks.

“Specifically, we noticed exploit attempts to “formWsc” and “formSysCmd” web pages. The exploit attempts to deploy a Mirai variant detected in March by Palo Alto Networks,” the researchers said.

“A similar incident was reported two weeks ago, on August 6th, by Juniper Networks [5]. A newly discovered vulnerability was then exploited in the wild only 2 days after publication to spread the same Mirai variant… The webserver serving the Mirai botnet uses the same network subnet, indicating that the same attacker is involved in both incidents.”
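The two web pages named in the SAM report, "formWsc" and "formSysCmd", give defenders a concrete string to look for in device or proxy access logs. The scanner below is an added example written for this article, not code from SAM or Realtek: it parses Common Log Format lines and flags requests whose path ends in either page name. The "/boafrm/" prefix in the sample lines is an assumption about the SDK web server layout, so matching is done on the page name alone; the log lines and client addresses are constructed.

```python
import re
from typing import Dict, List, Optional

# Page names quoted in the SAM report. The "/boafrm/" directory seen in the
# sample data below is an assumption, so only the final path component is matched.
WATCHED_PAGES = ("formWsc", "formSysCmd")

# Common Log Format: client, identity, user, [timestamp], "request line", status, size
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def classify_request(line: str) -> Optional[Dict[str, str]]:
    """Return a finding if the request targets a watched Realtek SDK page, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # malformed or non-CLF line: ignore rather than guess
    path = m.group("path").split("?", 1)[0]  # strip the query string first
    page = path.rsplit("/", 1)[-1]           # last path component only
    if page not in WATCHED_PAGES:
        return None
    return {"client": m.group("client"), "page": page,
            "method": m.group("method"), "status": m.group("status"),
            "ts": m.group("ts")}

def scan_log(lines: List[str]) -> List[Dict[str, str]]:
    """Run classify_request over every line and keep only the hits."""
    return [f for f in (classify_request(l) for l in lines) if f is not None]

# Constructed sample log (not real traffic); client addresses are RFC 5737 ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [24/Aug/2021:10:01:02 +0000] "POST /boafrm/formWsc HTTP/1.1" 200 512',
    '198.51.100.9 - - [24/Aug/2021:10:01:05 +0000] "GET /index.htm HTTP/1.1" 200 2048',
    '203.0.113.7 - - [24/Aug/2021:10:01:09 +0000] "POST /boafrm/formSysCmd HTTP/1.1" 200 128',
    '192.0.2.44 - - [24/Aug/2021:10:02:00 +0000] "GET /status.cgi?page=formWsc HTTP/1.1" 404 0',
    'not a log line at all',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

A hit on either page from an address that also shows up on other devices in the same window is the pattern SAM describes, so correlating the "client" field across hosts is the natural next step.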

The SAM research team said that based on their own analysis, the most common device models currently running the vulnerable Realtek SDK include the following:

  • Netis E1+ extender

  • Edimax N150 and N300 Wi-Fi router

  • Repotec RP-WR5444 router

The researchers provided full attack details, as well as Indicators of Compromise (IOCs) in their blog post.
