FortiGuard Labs has observed threat actors continuing to exploit an arbitrary command injection vulnerability in Realtek Jungle SDK (CVE-2021-35394). Successful exploitation of this vulnerability allows a remote attacker to execute arbitrary code on vulnerable devices, leading to system compromise. Realtek Jungle SDK based IoT devices are available from multiple vendors.Why is this Significant?This is significant because FortiGuard Labs is still detecting high counts (upwards of 6,000 devices per day) of CVE-2021-35394 being exploited in the wild even after a patch was released in August 2021. As such, it is recommended that the patch is applied as soon as possible when possible. CISA added CVE-2021-35394 to the Known Exploited Vulnerability (KEV) Catalog on December 10th, 2021.What is CVE-2021-35394?CVE-2021-35394 is an arbitrary command injection vulnerability that affects UDPServer in Realtek Jungle SDK version v2.0 up to v3.4.14B. Threat actors can leverage the vulnerability to execute arbitrary code on vulnerable devices, leading to system compromise. The vulnerability has a CVSS base score of 9.8.Malware such as RedGoBot, GooberBot, Mirai, Gafgyt and Mozi are reportedly associated with CVE-2021-35394.Has the Vendor Released an Advisory?Yes, Realtek released an advisory on August 15th, 2021. See the Appendix for a link to “Realtek AP-Router SDK Advisory (CVE-2021-35392/CVE-2021-35393/CVE-2021-35394/CVE-2021-35395)”.Has the Vendor Released a Patch for CVE-2021-35394?Yes, a patch from Realtek is available, however IoT device manufactures need to distribute the patch to their end products.What is the Status of Protection?FortiGuard Labs has the following IPS signature in place for CVE-2021-35394:Realtek.SDK.UDPServer.Command.Execution
More Stories
USN-6772-1: strongSwan vulnerability
Jan Schermer discovered that strongSwan incorrectly validated client certificates in certain configurations. A remote attacker could possibly use this issue...
USN-6767-2: Linux kernel (BlueField) vulnerabilities
Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could...
pgadmin4-8.6-1.fc40 python-libgravatar-1.0.4-1.fc40
FEDORA-2024-4d4ceb61f7 Packages in this update: pgadmin4-8.6-1.fc40 python-libgravatar-1.0.4-1.fc40 Update description: Update to pgadmin4-8.6 Read More
Google Chromium in Visuals Use-After-Free Vulnerability (CVE-2024-4671)
What is the Vulnerability?A new zero-day vulnerability has recently been discovered in the Visuals component of Chrome, which is responsible...
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful...
USN-6771-1: SQL parse vulnerability
It was discovered that SQL parse incorrectly handled certain nested lists. An attacker could possibly use this issue to cause...