[TheRecord] Hundreds of thousands of Realtek-based devices under attack from IoT botnet

A dangerous vulnerability in Realtek chipsets used in hundreds of thousands of smart devices from at least 65 vendors is currently under attack from a notorious DDoS botnet gang.

The attacks started last week, according to a report from IoT security firm SAM, and began just three days after fellow security firm IoT Inspector published details about the vulnerability on its blog.

Vulnerability impacts little-known but very popular Realtek SoC

Tracked as CVE-2021-35395, the vulnerability is one of four issues IoT Inspector researchers found in the software development kit (SDK) that ships with multiple Realtek chipsets (SoCs).

These chips are manufactured by Realtek but are shipped to other companies, which then use them as the basic System-on-Chip (SoC) board for their own devices, with the Realtek SDK serving as a configurator and starting point for their own firmware.

IoT Inspector said they found more than 200 different device models from at least 65 different vendors that had been built around these chips and were using the vulnerable SDK.

The vulnerable devices are estimated to number in the hundreds of thousands of internet-connected devices, and the list includes routers, network gateways, Wi-Fi repeaters, IP cameras, smart lighting, and even internet-connected toys.

Of the four issues discovered by the IoT Inspector research team, the CVE-2021-35395 vulnerability received the highest severity rating, of 9.8 out of 10 on the CVSSv3 severity scale.

According to the research team, the vulnerability, which resided in a web panel used to configure the SDK/device, allowed a remote attacker to connect to these devices via malformed URL web panel parameters, bypass authentication, and run malicious code with the highest privileges, effectively taking over the device.

While Realtek released patches [PDF] a day before IoT Inspector published its findings last week, this was far too small a time window for device vendors to deploy the security updates down the line to their own customers.

This means that today, the vast majority of these devices are still running outdated firmware (and an outdated Realtek SDK) and remain exposed to attacks.

A very busy botnet

Per SAM, exploitation started shortly after and came from the same Mirai-based botnet that a week before rushed to exploit a similar mega-bug in millions of routers running Arcadyan-based firmware.

The SAM research team said that based on their own scans, the most common device models currently running the vulnerable Realtek SDK include the likes of:

Netis E1+ extender
Edimax N150 and N300 Wi-Fi router
Repotec RP-WR5444 router

Owners of such devices should look for new firmware patches or ask their sellers about them.

The post Hundreds of thousands of Realtek-based devices under attack from IoT botnet appeared first on The Record by Recorded Future.
