Realtek SDK Attack
Multiple issues in Realtek SDK causing supply chain risks
FortiGuard Labs continues to see Realtek SDK vulnerabilities being exploited in the wild, with over 10,000 IPS detections per month on average, to deploy and distribute denial-of-service botnet malware such as the new Hinata Botnet, RedGoBot, GooberBot and Mirai-based botnets.
Common Vulnerabilities and Exposures
Background
Realtek chipsets are found in many devices, including communications network devices, computer peripherals and multimedia chips used across the industry. Two critical vulnerabilities actively exploited by attackers are CVE-2021-35394 in the Realtek Jungle SDK, which affects the 'MP Daemon' and 'UDPServer' components through multiple memory corruption flaws, and the older CVE-2014-8361, which affects the Realtek SDK's "miniigd" SOAP service. At least 65 vendors are affected by these critical vulnerabilities, which enable unauthenticated attackers to fully compromise the target device and execute arbitrary code. Affected devices range from network devices such as residential gateways, routers, Wi-Fi repeaters and IP cameras to smart lighting gateways and connected toys. Affected vendors include D-Link, LG, Belkin, Zyxel, Asus and Netgear, among others.
Threat Radar Overall Score: 4.2
CVSS Rating | 9.0
FortiRecon Score | 92/100
Known Exploited | Yes
Exploit Prediction Score | 96.86%
FortiGuard Telemetry | 12797
Latest Development
Recent news and incidents related to cybersecurity threats, encompassing events such as data breaches, cyber-attacks, security incidents and newly discovered vulnerabilities.
April 24, 2015: The Realtek SDK miniigd RCE (CVE-2014-8361) advisory was released as a 0-day. https://www.zerodayinitiative.com/advisories/ZDI-15-155/
August 15, 2021: Realtek released a security advisory for the Realtek Jungle SDK Remote Code Execution Vulnerability and provided a fix for CVE-2021-35394.
December 10, 2021: CISA added the Realtek Jungle SDK Remote Code Execution Vulnerability (CVE-2021-35394) to its Known Exploited Vulnerabilities catalog.
March 20, 2023: FortiGuard Labs researchers observed a high volume of exploitation attempts against the Realtek vulnerabilities CVE-2021-35394 and CVE-2014-8361, with attacks ongoing.
Fortinet customers remain protected by IPS signatures and anti-malware detections throughout the Security Fabric. Users are advised to apply patches to vulnerable devices impacted by the Realtek SDK flaws.
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
- AV: Detects and blocks malware related to Realtek SDK Attack.
- AV (Pre-filter): Detects and blocks malware related to Realtek SDK Attack.
- Behavior Detection: AI-based behaviour detection engine detects 0-day malware.
- IPS: Detects and blocks Realtek SDK Attack (CVE-2014-8361, CVE-2021-35394).
- IOC
- Outbreak Detection
- Threat Hunting
- Assisted Response Services: Experts to assist you with analysis, containment and response activities.
- FortiRecon: ACI
- Automated Response: Services that can automatically respond to this outbreak.
- FortiClient Forensics
- InfoSec Services: Security readiness and awareness training for SOC teams, InfoSec and general employees.
- Attack Surface Monitoring (Inside & Outside): Security reconnaissance and penetration testing services, covering both internal and external attack vectors, including those introduced internally via the software supply chain.
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
Indicators of compromise
Mitre Matrix
References
Sources of information in support and relation to this Outbreak and vendor.