Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Realtek SDK Vulnerabilities Exploited in Attacks Days After Disclosure

Researchers noticed that threat actors started exploiting Realtek SDK vulnerabilities shortly after their details were made public.

Researchers noticed that threat actors started exploiting Realtek SDK vulnerabilities shortly after their details were made public.

Realtek informed customers about the flaws and the availability of patches in an advisory published on August 15. The next day, details were disclosed by firmware security company IoT Inspector, whose researchers discovered the vulnerabilities.

SAM Seamless Network, a company that specializes in home network security, noticed on August 18 that hackers had already started exploiting some of the vulnerabilities in the wild.

IoT Inspector researchers identified more than a dozen vulnerabilities in the SDKs provided by Realtek to companies that use its RTL8xxx chips. Some of the security holes can be exploited by a remote, unauthenticated attacker to take complete control of a targeted device.

IoT inspector identified nearly 200 unique types of affected devices from a total of 65 different vendors, including routers, IP cameras, Wi-Fi repeaters and residential gateways from companies such as ASUS, Belkin, D-Link, Huawei, LG, Logitech, Netgear, ZTE and Zyxel.

The firm estimated that there could be as many as one million systems that are exposed to remote attacks due to these vulnerabilities.

Four CVE identifiers have been assigned to the flaws: CVE-2021-35392, CVE-2021-35393, CVE-2021-35394 and CVE-2021-35395. According to SAM, CVE-2021-35395, which comprises six different bugs, has been exploited in the wild to deliver a variant of the Mirai IoT malware.

The malware appears to be a Mirai variant detailed by Palo Alto Networks in March. The cybersecurity firm warned at the time that the botnet powered by this malware had been exploiting 10 different vulnerabilities in an effort to hijack IoT devices, and noted that new exploits were sometimes added within hours after a flaw was disclosed.

Advertisement. Scroll to continue reading.

Earlier this month, Juniper Networks started seeing attempts to exploit CVE-2021-20090, a vulnerability that affects at least 20 vendors that provide routers running firmware made by Arcadyan, a Taiwan-based provider of networking solutions. Attacks exploiting CVE-2021-20090 were also spotted just days after the security hole was made public, and those attacks have also been linked to the same Mirai variant.

“According to SAM’s own research of connected devices, based on anonymously collected network data spanning more than 2M home and business networks, the following devices are the most common devices with the Realtek SDK: Netis E1+ extender, Edimax N150 and N300 Wi-Fi router, Repotec RP-WR5444 router,” SAM said in a blog post last week. “These devices are used mainly to enhance Wi-Fi reception.”

The company has made available indicators of compromise (IOCs) for the attacks it has observed.

Related: New Mirai Variant Delivered to Zyxel NAS Devices Via Recently Patched Flaw

Related: New ‘Gucci’ IoT Botnet Targets Europe

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...