Increase in Attacks Targeting CVE-2021-35394 Observed

January 24, 2023

Security researchers have observed an increase in cyberattacks targeting CVE-2021-35394, a remote code execution (RCE) vulnerability in the Realtek Jungle SDK. Disclosed in August 2021, the vulnerability impacts hundreds of device types that rely on Realtek's RTL8xxx chips, including routers, residential gateways, IP cameras, and Wi-Fi repeaters from 66 different manufacturers. The bug allows unauthenticated attackers to execute code on vulnerable devices, gaining complete control over them.

According to Palo Alto Networks, as of December 2022, 134 million exploit attempts leveraging this vulnerability have been observed, with 97% of these attacks occurring after the start of August 2022. The end goal of many of the observed attacks was malware distribution, as threat groups are targeting the flaw in large-scale attacks aimed at Internet of Things (IoT) devices. An analysis of the exploit attempts shows that the US is the source of 48.3% of the attacks, followed by Vietnam with 17.8% and Russia at 14.6%.

Organizations are urged to ensure that their IoT devices are properly protected, as the vulnerability underscores the need for proper security measures. While the impacted vendors might have released software updates to resolve the issue or mitigation recommendations for their users, many organizations continue to use vulnerable devices.

Latest News

• Arris Routers Vulnerable to Remote Code Execution
• Fortinet Releases Security Updates for FortiNAC and FortiWeb
• SolarWinds Patches High-Severity Vulnerabilities
• ProxyShellMiner Exploits Microsoft Exchange Vulnerabilities
• CISA Adds Four Security Vulnerabilities to Known Exploited List