Botnet attacks vulnerable devices with Realtek SDK on board

SAM, an IoT security company, has discovered a botnet attacking devices built on the Realtek SDK, in which vulnerabilities were recently identified.

Let me remind you that the bugs in the Realtek SDK were found by IoT Inspector, and they affect about a million devices, including travel routers, Wi-Fi repeaters, IP cameras, lightning gateways, smart toys and other devices. In total, more than 200 models from at least 65 vendors are vulnerable, including AIgital, ASUSTek, Beeline, Belkin, Buffalo, D-Link, Edimax, Huawei, LG, Logitec, MT-Link, Netis, Netgear, Occtel, PATECH, TCL, Sitecom, ZTE, Zyxel, as well as Realtek’s own line of routers.

According to SAM, attacks exploiting the discovered flaws began just three days after the IoT Inspector experts disclosed information about the vulnerabilities.

The most serious of the bugs found is CVE-2021-35395, which scored 9.8 out of 10 on the CVSS scale. This issue allows a remote attacker to connect to the web panel using a malformed URL, bypass authentication, and run malicious code with the highest privileges.

Although Realtek released patches the day before IoT Inspector published its research, that was not enough time for device vendors to roll out updates. As a result, the vast majority of affected devices still run outdated firmware (and an outdated Realtek SDK) and remain vulnerable to attacks. According to SAM, the following vulnerable devices are most often found on the network:

  • Netis E1+ extender;
  • Edimax N150 and N300 Wi-Fi routers;
  • Repotec RP-WR5444 router.

SAM analysts write that the vulnerable devices are now being attacked by the same Mirai-based botnet that was recently seen in attacks on devices with Arcadyan firmware.
