Managing multiple security vendors is proving to be a significant challenge for organizations, leading to difficulties in integration, visibility, and control. Recent surveys and reports have identified numerous problems associated with managing an assortment of security products from different vendors, and that managing multiple vendors was cited as the top challenge in achieving an effective security posture.
“Simplicity is the ultimate sophistication.” – Leonardo da Vinci
To mitigate security risks, one effective approach is to consolidate vendors. This strategy can enhance security management, simplify operations, and reduce complexity. In this article, we evaluate the risks of managing numerous security tools and solutions, as well as the benefits of vendor consolidation.
FortiGuard Labs has observed threat actors continuing to exploit an arbitrary command injection vulnerability in Realtek Jungle SDK (CVE-2021-35394). Successful exploitation of this vulnerability allows a remote attacker to execute arbitrary code on vulnerable devices, leading to system compromise. Realtek Jungle SDK based IoT devices are available from multiple vendors.Why is this Significant?This is significant because FortiGuard Labs is still detecting high counts (upwards of 6,000 devices per day) of CVE-2021-35394 being exploited in the wild even after a patch was released in August 2021. As such, it is recommended that the patch is applied as soon as possible when possible. CISA added CVE-2021-35394 to the Known Exploited Vulnerability (KEV) Catalog on December 10th, 2021.What is CVE-2021-35394?CVE-2021-35394 is an arbitrary command injection vulnerability that affects UDPServer in Realtek Jungle SDK version v2.0 up to v3.4.14B. Threat actors can leverage the vulnerability to execute arbitrary code on vulnerable devices, leading to system compromise. The vulnerability has a CVSS base score of 9.8.Malware such as RedGoBot, GooberBot, Mirai, Gafgyt and Mozi are reportedly associated with CVE-2021-35394.Has the Vendor Released an Advisory?Yes, Realtek released an advisory on August 15th, 2021. See the Appendix for a link to “Realtek AP-Router SDK Advisory (CVE-2021-35392/CVE-2021-35393/CVE-2021-35394/CVE-2021-35395)”.Has the Vendor Released a Patch for CVE-2021-35394?Yes, a patch from Realtek is available, however IoT device manufactures need to distribute the patch to their end products.What is the Status of Protection?FortiGuard Labs has the following IPS signature in place for CVE-2021-35394:Realtek.SDK.UDPServer.Command.Execution
A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information.
A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability.
A command execution vulnerability exists in the access control functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability.
A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The name of the patch is e54abadc777715b6dcb545c13214d1dea63df6c9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223403.
