Critical Realtek Vulnerability Impacting IoT Devices Worldwide
By Deeba Ahmed (HackRead.com)
According to a new report from Palo Alto Networks’ Unit 42 researchers, between August and October 2022, cybercriminals increased their efforts to exploit a Realtek Jungle SDK vulnerability.
Normally no single vulnerability accounts for more than about 10% of the attacks Unit 42 records. In this case, over 40% of all observed attacks involved exploitation of the Realtek remote code execution (RCE) vulnerability.
Vulnerability Analysis
The Realtek Jungle SDK RCE is tracked as CVE-2021-35394 and carries a CVSS score of 9.8. As of December 2022, Unit 42 researchers had observed 134 million exploit attempts leveraging this vulnerability, around 97% of them in the four months starting in August 2022.
This is a critical vulnerability affecting almost 190 models of devices from 66 different manufacturers.
The SDK is embedded in products from many downstream vendors, which turns the flaw into a supply-chain problem: end users often cannot tell that the device they own contains the vulnerable Realtek code, and attackers benefit from that opacity. The bug is an arbitrary command injection and buffer overflow that can be leveraged to execute arbitrary code with the highest level of privileges, giving the attacker full control of the device.
Attack Details
According to Unit 42’s blog post, most of the attacks observed were attempts to deliver malware and compromise vulnerable IoT devices, indicating that threat actors aim to launch large-scale attacks against internet-connected devices worldwide.
Around 50% of the attacks (48.3% to be precise) were launched from the USA, followed by Vietnam (17.8%) and Russia (14.6%). Other prominent sources include the Netherlands (7.4%), France (6.4%), Germany (2.3%), and Luxembourg (1.6%). These figures are based on the source IP of the attacking host, which is often an already-compromised device, so they describe where the traffic comes from rather than who operates the campaign.
Moreover, 95% of the attacks targeting the vulnerability and originating from Russia were launched against Australian organizations.
Potential Dangers
Unit 42 identified three kinds of payloads delivered through in-the-wild exploitation of this bug. The first is a script that runs a shell command on the targeted device to download further malware.
The second is an injected command that writes a binary payload to a file and then executes that file. The third is an injected command that simply reboots the targeted device, producing a denial of service (DoS).
Unit 42 also saw the bug used to deliver known botnet malware, including Mozi, Mirai and Gafgyt, as well as a new Golang-based DDoS botnet it named RedGoBot.
Vulnerable IoT devices include IP cameras, routers, residential gateways, and Wi-Fi repeaters from at least 66 vendors, including Belkin, D-Link, ASUS, Huawei, LG, ZTE, Logitech, Zyxel, and NETGEAR.