IoT Devices the Target of Realtek Jungle SDK Vulnerability

Security researchers sounded the alarm about a significant increase in exploitation attempts weaponizing a now-patched critical remote code execution (RCE) vulnerability in Realtek Jungle SDK. Here’s what you need to know.

What is Realtek Jungle SDK?

Realtek is a global company that provides integrated circuit (IC) products for “connected media, communications network, computer peripheral, multimedia and smart interconnect applications.” Realtek’s Jungle SDK provides an HTTP web server exposing a management interface that can be used to configure the access point.

What is the situation?

The vulnerability, CVE-2021-35394, is a critically rated buffer overflow and an arbitrary command injection bug that could be used to execute arbitrary code with the highest privilege level and take over affected appliances. As of December 2022, the ongoing campaign has recorded 134 million exploit attempts, with 97% of the attacks taking place in the past four months.

According to researchers, most of the attacks observed tried to deliver malware like Mirai, Gafgyt, Mozi and RedGoBot to infect vulnerable Internet of Things (IoT) devices. The threat group behind these campaigns is using CVE-2021-35394 to carry out large-scale attacks on smart devices from D-Link, LG, Belkin, ASUS and NETGEAR.

What should I do?

IoT devices and routers are often not considered as part of an organization’s security posture; however, many devices could still be at risk. The findings from the above-mentioned campaign highlight the need for organizations and individuals to remain vigilant and proactive in protecting their systems from cyber threats.

  • Implement an IoT device management plan that includes patching and vulnerability management if one does not currently exist within your organization.
  • Ensure you’ve changed the default passwords on devices after initial configuration.
  • Keep IoT devices patched and firmware up to date to minimize risk of known vulnerabilities.
  • Any high-risk IoT devices (especially internet-facing ones) should be in their own segmented network to minimize lateral movement in the event of compromise.
  • Subscribe to vendor security bulletins to receive notifications on newly announced vulnerabilities.

Will there be more IoT attacks?

Plan on it! And these attacks won’t only target businesses. Nuspire’s CSO, J.R. Cunningham, predicts 2023 will be the year of the consumer-focused IoT attack. Today’s consumers average over 20 connected devices per household, and many don’t take the important steps of securing those devices. Expect to see some significant attacks against smart devices, smart homes, smart appliances, personal digital assistants and more.
