Intrusion PreventionRealtek.SDK.UDPServer.Command.Execution
Description
This indicates an attack attempt to exploit a Command Execution vulnerability in Realtek devices.
The vulnerability is caused by an error that occurs when the vulnerable software handles a malicious request. A remote attacker may be able to exploit this to execute arbitrary code on vulnerable systems.
Outbreak Alert
FortiGuard Labs continue to see Realtek SDK vulnerabilities being exploited in the wild with over 10,000+ average IPS detections per month to deploy and distribute Denial-of-service botnet malware such as new Hinata Botnet, RedGoBot, GooberBot and Marai based Botnet.
Affected Products
Realtek Jungle SDK version v2.0 up to v3.4.14B
Impact
System Compromise: Remote attackers can gain control of vulnerable system.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2023-04-03 | 23.526 | Sig Added |
| 2023-03-21 | 23.517 | Sig Added |
| 2022-06-04 | 21.331 | Default_action:pass:drop |
| 2022-05-17 | 20.317 |
| ID | 51534 |
| Created | May 10, 2022 |
| Updated | Mar 31, 2023 |
| Outbreak Alert | Realtek SDK Attack |
| Threat Signal | View Report |
| Risk |
|
| CVE ID | CVE-2021-35394 |
| Known Exploited | Yes |
| Exploit Prediction Score | 96.67% |
| Default Action | drop |
| Active | |
| Affected OS | Linux, BSD |
| Affected App | Other |