FortiGuard Labs has observed threat actors continuing to exploit an arbitrary command injection vulnerability in Realtek Jungle SDK (CVE-2021-35394). Successful exploitation of this vulnerability allows a remote attacker to execute arbitrary code on vulnerable devices, leading to system compromise. Realtek Jungle SDK-based IoT devices are available from multiple vendors.

Why is this Significant?

This is significant because FortiGuard Labs is still detecting high counts (upwards of 6,000 devices per day) of CVE-2021-35394 being exploited in the wild even after a patch was released in August 2021. As such, it is recommended that the patch be applied as soon as possible. CISA added CVE-2021-35394 to the Known Exploited Vulnerability (KEV) Catalog on December 10th, 2021.

What is CVE-2021-35394?

CVE-2021-35394 is an arbitrary command injection vulnerability that affects UDPServer in Realtek Jungle SDK version v2.0 up to v3.4.14B. Threat actors can leverage the vulnerability to execute arbitrary code on vulnerable devices, leading to system compromise. The vulnerability has a CVSS base score of 9.8.

Malware such as RedGoBot, GooberBot, Mirai, Gafgyt and Mozi are reportedly associated with CVE-2021-35394.

Has the Vendor Released an Advisory?

Yes, Realtek released an advisory on August 15th, 2021. See the Appendix for a link to “Realtek AP-Router SDK Advisory (CVE-2021-35392/CVE-2021-35393/CVE-2021-35394/CVE-2021-35395)”.

Has the Vendor Released a Patch for CVE-2021-35394?

Yes, a patch from Realtek is available; however, IoT device manufacturers need to distribute the patch to their end products.

What is the Status of Protection?

FortiGuard Labs has the following IPS signature in place for CVE-2021-35394:

Realtek.SDK.UDPServer.Command.Execution