Increase in Attacks Targeting CVE-2021-35394 Observed

January 24, 2023

Security researchers have observed an increase in cyberattacks targeting CVE-2021-35394, a remote code execution (RCE) vulnerability in the Realtek Jungle SDK. Disclosed in August 2021, the vulnerability impacts hundreds of device types that rely on Realtek's RTL8xxx chips, including routers, residential gateways, IP cameras, and Wi-Fi repeaters from 66 different manufacturers. The bug allows unauthenticated attackers to execute code on vulnerable devices, gaining complete control over them.

According to Palo Alto Networks, as of December 2022, 134 million exploit attempts leveraging this vulnerability have been observed, with 97% of these attacks occurring after the start of August 2022. The end goal of many of the observed attacks was malware distribution, as threat groups are targeting the flaw in large-scale attacks aimed at Internet of Things (IoT) devices. An analysis of the exploit attempts shows that the US is the source of 48.3% of the attacks, followed by Vietnam with 17.8% and Russia at 14.6%.

The vulnerability underscores the need for proper security measures, and organizations are urged to ensure that their IoT devices are properly protected. While the impacted vendors might have released software updates or mitigation recommendations to resolve the issue, many organizations continue to use vulnerable devices.
