Outbreak Alert
Multiple issues in Realtek SDK causing supply chain risks
FortiGuard Labs continue to see Realtek SDK vulnerabilities being exploited in the wild with over 10,000+ average IPS detections per month to deploy and distribute Denial-of-service botnet malware such as new Hinata Botnet, RedGoBot, GooberBot and Marai based Botnet. Learn More »
Common Vulnerabilities and Exposures
Background
Realtek chipsets are found in many devices including, Communications Network devices, Computer Peripherals, Multimedia chips used across the industry. Two critical vulnerabilities which are actively exploited by the attackers are Realtek Jungle SDK CVE-2021-35394 which affects the 'MP Daemon' and 'UDPServer' by multiple memory corruption flaws and a relatively older vulnerability CVE-2014-8361 which affects the Realtek SDK's "miniigd" SOAP service. At least 65 vendors are affected by the critical vulnerabilities that enable unauthenticated attackers to fully compromise the target device and execute arbitrary code. Affected devices range from network devices such as residential gateways, routers, Wi-Fi repeaters, IP cameras to smart lightning gateways and connected toys. Some of the affected vendors includes, D-Link, LG, Belkin, Zyxel, Asus, Netgear etc.
Threat Radar Overall Score:
 |
CVSS Rating | 9.0 |
 |
FortiRecon Score | 92/100 |
 |
Known Exploited | Yes |
 |
Exploit Prediction Score | 96.86% |
 |
FortiGuard Telemetry | 13114 |
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
April 24, 2015: Realtek SDK miniigd RCE (CVE-2014-8361) advisory was released as 0 day. https://www.zerodayinitiative.com/advisories/ZDI-15-155/
August 15, 2021: Realtek releases security advisory for Realtek Jungle SDK Remote Code Execution Vulnerability and provided fix for CVE-2021-35394
December 10, 2021: CISA adds Realtek Jungle SDK Remote Code Execution Vulnerability (CVE-2021-35394) to its known exploited vulnerability catalog
March 20, 2023: FortiGuard Labs researchers observe high exploitation attempts of Realtek vulnerabilities CVE-2021-35394 and CVE-2014-8361 and continued ongoing attacks.
Fortinet customers remain protected by IPS signature protections and Anti-malware detections throughout the security fabric. It is recommended that users apply patches to vulnerable devices impacted by Realtek SDK flaws.
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
-
AV
-
AV (Pre-filter)
-
Behavior Detection
-
IPS
-
IOC
-
Outbreak Detection
-
Threat Hunting
-
Assisted Response Services
-
Automated Response
-
InfoSec Services
-
Attack Surface Monitoring (Inside & Outside)
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
Loading ...
Indicators of compromise
IOC Indicator List
Indicators of compromise
IOC Threat Activity
Last 30 days
Chg
Avg 0
References
Sources of information in support and relation to this Outbreak and vendor.