Shortly after information about the Realtek SDK vulnerabilities was made public, researchers found that threat actors had begun exploiting them.
In an alert published on August 15, Realtek informed customers about the issues and the availability of patches. Details were released the next day by firmware security firm IoT Inspector, whose researchers uncovered the flaws.
On August 18, SAM Seamless Network, a home network security business, reported that hackers had already begun abusing some of the vulnerabilities in the wild.
The SDKs provided by Realtek to organisations that use its RTL8xxx chips contain more than a dozen vulnerabilities, according to IoT Inspector researchers. A remote, unauthenticated attacker could use some of the security flaws to take complete control of a targeted device.
IoT Inspector identified nearly 200 distinct types of impacted devices from 65 different vendors, including routers, IP cameras, Wi-Fi repeaters, and residential gateways from ASUS, Belkin, D-Link, Huawei, LG, Logitech, Netgear, ZTE, and Zyxel.
The firm estimates that, because of these vulnerabilities, up to one million systems could be exposed to remote attacks.
CVE-2021-35392, CVE-2021-35393, CVE-2021-35394, and CVE-2021-35395 are the four CVE identifiers assigned to the flaws. CVE-2021-35395, which consists of six separate issues, has been used in the wild to deploy a variant of the Mirai IoT malware, according to SAM.
Palo Alto Networks identified the malware as a Mirai variant in March. At the time, the cybersecurity firm said that the botnet driven by this malware was attempting to hijack IoT devices by exploiting ten separate vulnerabilities, and that fresh exploits were sometimes added just hours after a flaw was discovered.
Earlier this month, Juniper Networks began observing attempts to exploit CVE-2021-20090, a vulnerability that affects at least 20 vendors that sell routers with firmware from Arcadyan, a Taiwan-based networking solutions supplier. CVE-2021-20090-related attacks were discovered just days after the vulnerability was made public, and they were linked to the same Mirai variant.
“According to SAM’s own connected device research, based on anonymously collected network data spanning more than 2M home and business networks, the following devices are the most common devices with the Realtek SDK: Netis E1+ extender, Edimax N150 and N300 Wi-Fi router, Repotec RP-WR5444 router,” SAM wrote in a blog post last week. “The major purpose of these gadgets is to improve Wi-Fi reception.”
The company has made indicators of compromise (IOCs) available for the attacks it has seen.