I saw a recent article on SecurityWeek.com regarding a Realtek SDK vulnerability that exposes a LOT of routers to remote attacks, and was classified as “high severity”.
Per the article (Aug 12), they said the vulnerability can be exploited remotely from the internet, and no user interaction was needed. An article posted on Aug 23 said it’s being widely exploited now.
Aug 12: https://www.securityweek.com/realtek-sdk-vulnerability-exposes-routers-many-vendors-remote-attacks
Aug 23: https://www.securityweek.com/realtek-sdk-vulnerabilities-exploited-attacks-days-after-disclosure
From the Aug 23 article:
IoT Inspector researchers identified more than a dozen vulnerabilities in the SDKs provided by Realtek to companies that use its RTL8xxx chips. Some of the security holes can be exploited by a remote, unauthenticated attacker to take complete control of a targeted device.
IoT inspector identified nearly 200 unique types of affected devices from a total of 65 different vendors, including routers, IP cameras, Wi-Fi repeaters and residential gateways from companies such as ASUS, Belkin, D-Link, Huawei, LG, Logitech, Netgear, ZTE and Zyxel.
The firm estimated that there could be as many as one million systems that are exposed to remote attacks due to these vulnerabilities.
Four CVE identifiers have been assigned to the flaws: CVE-2021-35392, CVE-2021-35393, CVE-2021-35394 and CVE-2021-35395. According to SAM, CVE-2021-35395, which comprises six different bugs, has been exploited in the wild to deliver a variant of the Mirai IoT malware.
The malware appears to be a Mirai variant detailed by Palo Alto Networks in March. The cybersecurity firm warned at the time that the botnet powered by this malware had been exploiting 10 different vulnerabilities in an effort to hijack IoT devices, and noted that new exploits were sometimes added within hours after a flaw was disclosed.
Is this something to be concerned about with Pepwave products?