Attackers Actively Exploiting Realtek SDK Flaws

[silversurfer]

Threat actors zeroing in on command injection vulnerabilities reported in Realtek chipsets just days after multiple flaws were discovered in the software developers kits (SDK) deployed across at least 65 separate vendors.
 
On Aug. 16 multiple Realtek vulnerabilities were disclosed by IoT Inspector Research Lab. It took about 48 hours for attackers to start trying to exploit them. SAM Seamless Network reported two days after the bugs were made public, attackers made “multiple” attempts breach the company’s Secure Home product to spread a new version of Mirai malware.
 
“Specifically, we noticed exploit attempts to ‘formWsc’ and ‘formSysCmd’ web pages,” SAM’s report on the incident said. “The exploit attempts to deploy a Mirai variant detected in March by Palo Alto Networks. Mirai is a notorious IoT and router malware circulating in various forms for the last 5 years. It was originally used to shut down large swaths of the internet but has since evolved into many variants for different purposes.”
 
The report goes on to link another similar attack to the attack group. On Aug. 6 Juniper Networks found a vulnerability that just two days later was also exploited to try and deliver the same Mirai botnet using the same network subnet, the report explained.
 
“This chain of events shows that hackers are actively looking for command injection vulnerabilities and use them to propagate widely used malware quickly,” SAM said. “These kinds of vulnerabilities are easy to exploit and can be integrated quickly into existing hacking frameworks that attackers employ, well before devices are patched and security vendors can react.”
 
Realtek Semiconductor Corp. has not yet responded to Threatpost’s request for comment, but the company did release this advisory on CVE-2021-35392, CVE-2021-35393, CVE-2021-35394, CVE-2021-35395

Read more: Attackers Actively Exploiting Realtek SDK Flaws