Security researchers from Juniper Networks are sounding the alarm. Since the first week of August 2021, modems and routers from the manufacturer Arcadyan (installed in many OEM devices) have been attacked via vulnerability CVE-2021-20090. Now, attacks on vulnerabilities CVE-2021-35394 and CVE-2021-35395 in IoT devices with Realtek SoCs are also being observed in the wild.
Vulnerability CVE-2021-20090 in devices
On August 2, 2021, in the blog post Authentication Vulnerability CVE-2021-20090 in Arcadyan-based Routers and Modems, I reported on the CVE-2021-20090 vulnerability in routers and modems from Taiwan-based vendor Arcadyan. Authentication can be bypassed via this vulnerability. The routers and modems are sold under many trade names by other manufacturers. At Telekom, this affects the Speedport Smart 3, at Vodafone the EasyBox 802, 903 and 904. In this article, the security researchers from Juniper already describe that the vulnerability in question is being exploited in the wild.
Vulnerabilities CVE-2021-35394 and CVE-2021-35395 in the Realtek SDK
At the end of August 2021, in the blog post Vulnerabilities in Realtek SDK put IoT devices at risk, I then reported on several vulnerabilities in a Realtek SDK. The vulnerabilities in the Realtek SDK allow unauthenticated attackers to fully compromise a device and execute arbitrary code with the highest privileges.
The SDK is used by many OEMs to implement WiFi features in devices. Realtek has released an updated version of the SDK, but the code is in numerous IoT devices. At least 65 manufacturers are affected by serious vulnerabilities, and users face the problem that these devices can be taken over by botnets and attackers.
Attack on CVE-2021-35394 and CVE-2021-35395
Security researchers at Juniper Threat Lab have found that threat actors recently observed exploiting CVE-2021-20090 are now actively exploiting CVE-2021-35394. I came across the facts via the following tweet.
That's the vulnerability mentioned above, discovered last week by the IoT Inspector Research Lab in the SDK for Realtek RTL8xxx SoC chipsets. The whole thing is described in this blog post from Juniper. According to the above tweet, the CVE-2021-35395 vulnerability is also already under attack in the wild.