Security News > 2021 > August > Realtek SDK vulnerability exploitation attempts detected (CVE-2021-35395)

Threat actors are attempting to exploit CVE-2021-35395, a group of vulnerabilities in the web interface of the Realtek SDK, to spread Mirai malware to vulnerable IoT devices.

A week ago, IoT Inspector researchers released details about four CVE-numbered flaws affecting the Realtek SDK, which comes with a specific system on a chip manufactured by Taiwanese semiconductor company Realtek.

The SoC in questions - the Realtek RTL819xD chipset - is found in many embedded devices in the IoT space.

CVE-2021-35395 exploitation attempts have been flagged by Israeli network security company SAM Seamless Network, which detected them via their home security solution.

"Specifically, we noticed exploit attempts to 'formWsc' and 'formSysCmd' web pages. The exploit attempts to deploy a Mirai variant detected in March by Palo Alto Networks," Omri Mallis, the company's Chief Product Archited, shared.

SAM's researchers have analyzed anonymously collected network data from more than 2 million home and business networks, and found that a Wi-Fi extender by Netic and two routers by Edimax and Repotec are the the most common devices with the Realtek SDK. Users of IoT devices would do well to check the list of affected manufacturers and device models to see whether their devices are vulnerable, and then wheter the manufacturers have already provided a patch.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/MwBoRwrKWUA/