CVE-2021-35394

Vulnerability updated 2 months ago (2024-11-29T14:02:46.985Z)
Download STIX
Preview STIX
The CVE-2021-35394 vulnerability, a flaw in the software design or implementation of Realtek Jungle SDK, has seen significant exploitation by threat actors. From August to October 2022, the number of attacks attempting to exploit this remote code execution vulnerability accounted for more than 40% of the total number of attacks observed in the wild. This high volume of attacks exploiting the Realtek Jungle SDK vulnerability significantly skewed the distribution of CVE numbers in attacks during this period compared to previous quarters. In-depth analysis revealed that the attacks against the Realtek Jungle SDK remote code execution vulnerability constituted 71.4% of all critical attacks and 41.8% of the total number of attacks. The scale and frequency of these attacks underscore the severity and widespread use of this vulnerability by malicious actors. The data suggests that the vulnerability was a preferred tool for threat actors during the period under review. By April 2023, FortiGuard Labs researchers observed an ongoing hacking campaign targeting not only the Realtek (CVE-2021-35394) vulnerability but also another vulnerability, Cacti (CVE-2022-46169). These vulnerabilities were being exploited to spread ShellBot and Moobot malware. The continued exploitation of the Realtek Jungle SDK vulnerability into 2023 highlights its persistent threat and the importance of addressing such security flaws promptly.
Description last updated: 2024-05-04T19:28:59.330Z
What's your take? (Question 1 of 4)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Fortiguard
Malware
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Moobot Malware is associated with CVE-2021-35394. Moobot is a malicious software (malware) that is based on the Mirai platform. This malware was designed to infiltrate devices and systems, often through suspicious downloads, emails, or websites without user knowledge. Once inside a system, Moobot facilitated targeted attacks against various entitieUnspecified
3
The Shellbot Malware is associated with CVE-2021-35394. ShellBot is a malicious software (malware) variant that has been actively targeting poorly managed Linux SSH servers. As reported by Hacker News and HackRead in March 2023, this Perl-based DDoS bot deploys different variants to exploit these servers. ShellBot, along with another DDoS malware called Unspecified
2
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
Alias DescriptionAssociation TypeVotes
The CVE-2022-46169 Vulnerability is associated with CVE-2021-35394. CVE-2022-46169 is a critical pre-authentication command injection vulnerability discovered in the Cacti network operations framework. This flaw, which existed in all versions of Cacti up to 1.2.22, could be exploited by threat actors to deliver malware, thereby compromising the security of systems uUnspecified
2
Source Document References
Information about the CVE-2021-35394 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
CERT-EU
a year ago
Securityaffairs
a year ago
Unit42
2 years ago
Unit42
2 years ago
Fortinet
2 years ago
CERT-EU
2 years ago
Securityaffairs
2 years ago
CERT-EU
2 years ago
CERT-EU
2 years ago
CERT-EU
2 years ago
Unit42
2 years ago