Security researchers sounded the alarm about a significant increase in exploitation attempts weaponizing a now-patched critical remote code execution (RCE) vulnerability in Realtek Jungle SDK. Here’s what you need to know.
Realtek is a global company that provides integrated circuit (IC) products for “connected media, communications network, computer peripheral, multimedia and smart interconnect applications.” Realtek’s Jungle SDK provides an HTTP web server exposing a management interface that can be used to configure the access point.
The vulnerability, CVE-2021-35394, is a critically rated buffer overflow and an arbitrary command injection bug that could be used to execute arbitrary code with the highest privilege level and take over affected appliances. As of December 2022, the ongoing campaign has recorded 134 million exploit attempts, with 97% of the attacks taking place in the past four months.
According to researchers, most of the attacks observed tried to deliver malware like Mirai, Gafgyt, Mozi and RedGoBot to infect vulnerable Internet of Things (IoT) devices. The threat group behind these campaigns is using CVE-2021-35394 to carry out large-scale attacks on smart devices from D-Link, LG, Belkin, ASUS and NETGEAR.
IoT devices and routers are often not considered part of an organization’s security posture; however, many devices could still be at risk. The findings from the above-mentioned campaign highlight the need for organizations and individuals to remain vigilant and proactive in protecting their systems from cyber threats.
Plan on it! And these attacks won’t only target businesses. Nuspire’s CSO, J.R. Cunningham, predicts 2023 will be the year of the consumer-focused IoT attack. Today’s consumers average over 20 connected devices per household, and many don’t take the important steps of securing those devices. Expect to see some significant attacks against smart devices, smart homes, smart appliances, personal digital assistants and more.