Researchers at Palo Alto Networks Unit 42 say that a vulnerability in the Realtek Jungle SDK accounted for 40 percent of attacks they reviewed between August and October 2022. In a post, the researchers write, “As of December 2022, we’ve observed 134 million exploit attempts in total leveraging this vulnerability, and about 97% of these attacks occurred after the start of August 2022. At the time of writing, the attack is still ongoing.” The vulnerability in the SDK is the result of several memory corruption flaws and an arbitrary command injection issue. The vulnerability affects nearly 190 devices from more than 60 manufacturers.
- We have an embedded chip vulnerability, which is dependent on updates from your vendor (D-Link, Netgear, LG, Belkin, Zyxel, or Asus) for the fix. Make sure that you’re running the latest firmware on these devices. Check the firmware version on the vendor’s support site against your router’s version if you’ve not seen an update in a while. If you can, use the IOCs to see if you’re impacted.
- The large number of exploit attempts is not surprising given the high CVSS score for this vulnerability. I mean, cybercriminals can read and they see that it’s an RCE vulnerability that affects a large number of manufacturers and devices. The simple solution is to patch the vulnerable device. Until the patch is in place, monitor your network for signs that the device has been compromised.