Juniper: RealTek vulnerabilities CVE-2021-35394 and CVE-2021-35395 are attacked in the wild

Sicherheit (Pexels, allgemeine Nutzung)[German]Security researchers from Juniper Networks are sounding the alarm. Already since the first week of August 2021, model and routers from the manufacturer Arcadyan (installed in many OEM devices) have been attacked via vulnerability CVE-2021-20090. Now, attacks on vulnerability CVE-2021-35394 and CVE-2021-35395 on IoT devices with RealTek SOCs are also observed in the wild.


Advertising

Vulnerability CVE-2021-20090 in devices

On August 2, 2021, in the blog post Authentication Vulnerability CVE-2021-20090 in Arcadyan-based Routers and Modems, I had reported about the CVE-2021-20090 vulnerability of routers and modems from Taiwan-based vendor Arcadyan. Authentication can be bypassed via this vulnerability. The routers and modems are sold under many trade names by other manufacturers. At Telekom, this affects the Speedport Smart 3, at Vodafone the EasyBox 802, 903 and 904. Already in this article, the security researchers from Juniper describe that the vulnerability in question is already being exploited in the wild.   

Vulnerabilities CVE-2021-35394 and CVE-2021-35395 in the RealTek SDK

At the end of August 2021, in the blog post Vulnerabilities in Realtek SDK put IoT devices at risk, I had then reported on several vulnerabilities in a RealTek SDK. The vulnerabilities in the Realtek SDK allow unauthenticated enable to fully compromise a device and execute arbitrary code with the highest privileges.

The SDK is used by many OEMs to implement WiFi features in devices. Realtek has released an updated version of the SDK, but the code is in numerous IoT devices. At least 65 manufacturers are affected by serious vulnerabilities, and users face the problem that these devices can be taken over by botnets and attackers.

Attack on CVE-2021-35394 and CVE-2021-35395

Security researchers at Juniper Threat Lab have found that threat actors recently observed exploiting CVE-2021-20090 are now actively exploiting CVE-2021-35394. I came across the facts via the following tweet.


Advertising

That's the vulnerability mentioned above, discovered last week by the IoT Inspector Research Lab in the SDK for Realtek RTL8xxx SoC chipsets. The whole thing is described in this blog post from Juniper. According to the above tweet, the CVE-2021-35395 vulnerability is also already under attack in the wild.


Cookies helps to fund this blog: Cookie settings
Advertising


##1

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *