CVE-2021-35394

Vulnerability updated 4 months ago (2024-05-04T20:17:34.306Z)
Download STIX
Preview STIX
The CVE-2021-35394 vulnerability, a flaw in the software design or implementation of Realtek Jungle SDK, has seen significant exploitation by threat actors. From August to October 2022, the number of attacks attempting to exploit this remote code execution vulnerability accounted for more than 40% of the total number of attacks observed in the wild. This high volume of attacks exploiting the Realtek Jungle SDK vulnerability significantly skewed the distribution of CVE numbers in attacks during this period compared to previous quarters. In-depth analysis revealed that the attacks against the Realtek Jungle SDK remote code execution vulnerability constituted 71.4% of all critical attacks and 41.8% of the total number of attacks. The scale and frequency of these attacks underscore the severity and widespread use of this vulnerability by malicious actors. The data suggests that the vulnerability was a preferred tool for threat actors during the period under review. By April 2023, FortiGuard Labs researchers observed an ongoing hacking campaign targeting not only the Realtek (CVE-2021-35394) vulnerability but also another vulnerability, Cacti (CVE-2022-46169). These vulnerabilities were being exploited to spread ShellBot and Moobot malware. The continued exploitation of the Realtek Jungle SDK vulnerability into 2023 highlights its persistent threat and the importance of addressing such security flaws promptly.
Description last updated: 2024-05-04T19:28:59.330Z
What's your take? (Question 1 of 4)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Fortiguard
Malware
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
IDTypeVotesProfile Description
MoobotUnspecified
3
Moobot is a type of malware, or malicious software, designed to exploit and damage computer systems. It can infiltrate these systems via suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold dat
ShellbotUnspecified
2
ShellBot is a malicious software (malware) that has been targeting poorly managed Linux SSH servers. The malware, which was detected in multiple variants, is primarily being used to carry out distributed denial-of-service (DDoS) attacks. ShellBot exploits the Cacti bug and uses it as a primary lever
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
IDTypeVotesProfile Description
CVE-2022-46169Unspecified
2
CVE-2022-46169 is a critical pre-authentication command injection vulnerability discovered in the Cacti network operations framework. This flaw, which existed in all versions of Cacti up to 1.2.22, could be exploited by threat actors to deliver malware, thereby compromising the security of systems u
Source Document References
Information about the CVE-2021-35394 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
CERT-EU
6 months ago
Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations
Securityaffairs
7 months ago
US Gov dismantled the Moobot botnet controlled by Russia-linked APT28
Unit42
2 years ago
Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats
Unit42
2 years ago
Network Security Trends: August-October 2022
Fortinet
a year ago
Moobot Strikes Again - Targeting Cacti And RealTek Vulnerabilities | FortiGuard Labs
CERT-EU
a year ago
Cacti, Realtek, and IBM Aspera Faspex Vulnerabilities Under Active Exploitation
Securityaffairs
a year ago
Moobot botnet spreads by targeting Cacti and RealTek flaws
CERT-EU
a year ago
Impact of 3CX supply chain attack still examined as company admits gaps
CERT-EU
a year ago
Malware botnets spread through Cacti, Realtek flaws
CERT-EU
a year ago
AudienceView cyberattack impacts US, Canadian colleges, universities
Unit42
a year ago
Network Security Trends: November 2022-January 2023