A vulnerability in the Realtek Jungle SDK was recently discovered by researchers from Unit 42 to have been exploited in a large-scale attack on Internet of Things (IoT) devices.
The vulnerability, known as CVE-2021-35394, allowed for remote code execution and was found to have affected nearly 190 distinct device types produced by 66 different companies.
The majority of the attacks seen were attempts to infect susceptible devices with malware.
The vulnerability was made public on August 16, 2021, and affects UDPServer in Realtek Jungle SDK versions 2.0 and later, up to and including Realtek Jungle SDK version 3.4.14B.
Unauthenticated remote attackers can exploit this vulnerability to execute arbitrary commands and potentially take control of affected devices.
Many IoT manufacturers include chipsets manufactured by Realtek in their products, making it difficult for the typical user to determine if their devices are affected by this vulnerability.
A Shodan scan revealed that port 9034 was open on more than 80 distinct IoT devices from 14 different manufacturers; router models produced by well-known companies in the networking industry were particularly exposed.
The researchers observed three distinct types of payloads being used in the attacks: a script that connects to a known malicious IP address and downloads and runs malware, a binary payload that is written directly to a file and executed, and a command that forces the targeted server to reboot immediately, resulting in a denial of service.
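As an added defender-side example (not part of the Unit 42 research or of this article), the following Python script triages constructed flow-log lines and flags external sources repeatedly sending UDP traffic to port 9034, the port the Shodan scan above found open on exposed devices. The log layout, the sample addresses, the assumption that port 9034 is where the exposed UDPServer is reached, and the hit threshold are all assumptions made for the example; it does not inspect payload contents, since the article does not describe their format.

```python
import ipaddress
import re
from collections import Counter

# Assumption: port 9034/UDP is the exposed UDPServer port reported in the article.
WATCH_PORT = 9034
WATCH_PROTO = "UDP"

# RFC 1918 ranges checked explicitly so that traffic from the LAN is not flagged.
INTERNAL_NETS = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# Constructed sample flow-log lines (not real traffic), in an assumed
# "timestamp src_ip:src_port -> dst_ip:dst_port PROTO bytes" layout.
SAMPLE_LOGS = """\
2022-09-01T10:00:01Z 203.0.113.7:41222 -> 192.168.1.1:9034 UDP 412
2022-09-01T10:00:02Z 203.0.113.7:41223 -> 192.168.1.1:9034 UDP 398
2022-09-01T10:00:05Z 192.168.1.20:5353 -> 192.168.1.1:9034 UDP 88
2022-09-01T10:00:07Z 198.51.100.9:53000 -> 192.168.1.1:9034 UDP 1200
2022-09-01T10:00:09Z 203.0.113.7:41224 -> 192.168.1.1:443 TCP 1500
2022-09-01T10:00:11Z 203.0.113.7:41225 -> 192.168.1.1:9034 UDP 405
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\w+) (?P<bytes>\d+)$"
)


def is_internal(ip: str) -> bool:
    """True when the address falls inside one of the RFC 1918 ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_line(line: str):
    """Parse one flow-log line into a dict, or None if it does not match the layout."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def find_exposure_hits(log_text: str, min_hits: int = 2) -> dict:
    """Return {src_ip: count} for external sources that sent UDP to WATCH_PORT
    at least min_hits times. Repeated hits from one source are a better
    indicator of the mass exploitation attempts described in the article
    than a single stray packet."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["proto"] != WATCH_PROTO or int(rec["dport"]) != WATCH_PORT:
            continue
        if is_internal(rec["src"]):
            continue
        counts[rec["src"]] += 1
    return {ip: n for ip, n in counts.items() if n >= min_hits}


if __name__ == "__main__":
    for ip, n in sorted(find_exposure_hits(SAMPLE_LOGS).items()):
        print(f"{ip}: {n} inbound UDP/{WATCH_PORT} packets from outside the LAN")
```

Run against real flow or firewall logs, any external source that reaches port 9034 on a device at all is worth investigating, since the port should not be Internet-reachable; the threshold only ranks the noisiest sources first.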
The recent uptick in attacks exploiting the CVE-2021-35394 vulnerability highlights the danger of supply chain vulnerabilities, which are notoriously difficult for the typical user to recognize and fix.
A total of 134 million attempts to exploit the vulnerability were recorded between August 2021 and December 2022, with 97% of these attacks happening after August 2022. The United States was found to be the most significant contributor to the overall number of attacks, accounting for 48.3% of the total.
All smart devices, conventional computers, and mobile devices should be kept up to date with the latest patches to maintain security. Because this vulnerability can be hard to identify and fix, it is crucial to monitor and protect your devices vigilantly.