Realtek SDK Attack

Released: Mar 21, 2023


High Severity


Multiple issues in Realtek SDK causing supply chain risks

FortiGuard Labs continues to see Realtek SDK vulnerabilities being exploited in the wild, with over 10,000 IPS detections per month on average, to deploy and distribute denial-of-service botnet malware such as the new Hinata Botnet, RedGoBot, GooberBot and Mirai-based botnets.

Background

Realtek chipsets are found in many products across the industry, including communications and network devices, computer peripherals and multimedia chips. Two critical vulnerabilities are being actively exploited by attackers: CVE-2021-35394 in the Realtek Jungle SDK, which covers multiple memory corruption flaws in the 'MP Daemon' and 'UDPServer' components, and the older CVE-2014-8361, which affects the Realtek SDK's "miniigd" SOAP service.

At least 65 vendors are affected by these critical vulnerabilities, which enable unauthenticated attackers to fully compromise the target device and execute arbitrary code. Affected devices range from network devices such as residential gateways, routers, Wi-Fi repeaters and IP cameras to smart lighting gateways and connected toys. Affected vendors include D-Link, LG, Belkin, Zyxel, Asus and Netgear, among others.

Latest Development

Recent news and incidents related to cybersecurity threats, encompassing events such as data breaches, cyber-attacks, security incidents and newly discovered vulnerabilities.


April 24, 2015: Realtek SDK miniigd RCE (CVE-2014-8361) advisory was released as a 0-day. https://www.zerodayinitiative.com/advisories/ZDI-15-155/

August 15, 2021: Realtek releases a security advisory for the Realtek Jungle SDK Remote Code Execution Vulnerability and provides a fix for CVE-2021-35394.

December 10, 2021: CISA adds the Realtek Jungle SDK Remote Code Execution Vulnerability (CVE-2021-35394) to its Known Exploited Vulnerabilities catalog.

March 20, 2023: FortiGuard Labs researchers observe a high volume of exploitation attempts against the Realtek vulnerabilities CVE-2021-35394 and CVE-2014-8361, with attacks continuing.

Fortinet customers remain protected by IPS signatures and anti-malware detections throughout the Security Fabric. Users are advised to apply patches to vulnerable devices affected by the Realtek SDK flaws.

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • Lure
  • Decoy VM
  • AV
  • AV (Pre-filter)
  • Behavior Detection
  • IPS
  • Web App Security

DETECT
  • IOC
  • Outbreak Detection
  • Threat Hunting

RESPOND
  • Assisted Response Services
  • Automated Response

RECOVER
  • InfoSec Services

IDENTIFY
  • Attack Surface Monitoring (Inside & Outside)

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events, including threat actors, their tactics, techniques and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.