Attackers Target Hundreds of Thousands of Devices by Exploiting Realtek SDK Flaw

A Mirai-based botnet is exploiting a critical vulnerability in the software SDK used by hundreds of thousands of Realtek-based devices including 200 models from at least 65 vendors; the vendors include companies like Asus, Belkin, Netgear, D-Link, Tenda, ZTE, and Zyxel.

The security flaw that was discovered by IoT Inspector security researchers is now referenced as CVE-2021-35395 and was given a severity rating of 9.8/10.

Many wireless devices that are exposed to the internet from residential gateways and travel routers to Wi-Fi repeaters, IP cameras, smart lightning gateways or connected toys are impacted.

By affecting the management web interface, the bug allows remote attackers to scan for unpatched devices and then attempt to hack them so that they can execute arbitrary code remotely.

Although Realtek released a patch for the vulnerability three days before it was made public, vulnerable device owners had little time to apply it before their devices were attacked.

Read original article here www.bleepingcomputer.com/news/security/botnet-targets-hundreds-of-thousands-of-devices-using-realtek-sdk

Don’t get caught up by your ISP router. Upgrade to a Techtroubleshooters firewall security appliance today. Contact us today by filling out the form below:

4 + 8 =