Botnet targets hundreds of thousands of devices using Realtek SDK
A Mirai-based botnet now targets a critical vulnerability in the software SDK used by hundreds of thousands of Realtek-based devices, encompassing 200 models from at least 65 vendors, including Asus, Belkin, D-Link, Netgear, Tenda, ZTE, and Zyxel.
Since the bug affects the management web interface, remote attackers can scan for unpatched devices and attempt to execute arbitrary code on them remotely, allowing them to take over the impacted devices.
While Realtek shipped a patched version of the vulnerable SDK on August 13, three days before IoT Inspector security researchers published their advisory, this gave owners of vulnerable devices very little time to apply the patch.
As network security firm SAM Seamless Network discovered, a Mirai botnet began searching for devices unpatched against CVE-2021-35395 on August 18, only two days after IoT Inspector shared details of the bug.
SAM says that the most common devices using the buggy Realtek SDK targeted by this botnet are the Netis E1+ extender, the Edimax N150 and N300 Wi-Fi routers, and the Repotec RP-WR5444 router, mainly used to enhance Wi-Fi reception.
"These kinds of vulnerabilities are easy to exploit and can be integrated quickly into existing hacking frameworks that attackers employ, well before devices are patched and security vendors can react."
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-16 | CVE-2021-35395 | Unspecified vulnerability in Realtek Jungle SDK. Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. | 9.8 |