Critical Vulnerability In Realtek Jungle Software Development Kit (SDK)

Security researchers have discovered an increase in exploitation activities targeting a remote code execution vulnerability (CVE-2021-35395) in Realtek Jungle SDK. Realtek Jungle SDK is a chipset used by several Internet of Things (IoT) device manufacturers in their products. 

The vulnerability affects Realtek Jungle SDK version 2.0 (inclusive) to 3.4.14B (inclusive) and has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.

Successful exploitation of the vulnerability could allow remote unauthenticated attackers to perform arbitrary command injection.

Users and administrators of affected products are advised to upgrade to the latest versions released by their product vendors immediately, if available. If the vulnerable product is running slow or sending out a large amounts of traffic to unknown domains, it may be an indication that the product's vulnerability has been exploited. In order to remediate any possible compromise, users and administrators are advised to perform a factory reset, change the administrator password to a strong password, and apply all available firmware updates.

More information is available here:

https://unit42.paloaltonetworks.com/realtek-sdk-vulnerability/

https://www.bleepingcomputer.com/news/security/malware-exploited-critical-realtek-sdk-bug-in-millions-of-attacks/

https://nvd.nist.gov/vuln/detail/CVE-2021-35394

https://portswigger.net/daily-swig/realtek-sdk-vulnerabilities-impact-dozens-of-downstream-iot-vendors

https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf