14.02.2022


KZ-CERT warns about possible vulnerabilities in “smart” devices

The KZ-CERT Computer Emergency Response Team of JSC “State Technical Service”, as part of its monitoring of the Kazakhstani segment of the Internet for information security threats, reports that the vulnerability CVE-2021-35395, associated with Realtek SDK chipsets, remains relevant.

Realtek Semiconductor is a company that develops integrated circuits.

According to open sources, this vulnerability affects about a million devices, including travel routers, Wi-Fi repeaters, IP cameras for lightning gateways, various “smart” devices and others. In total, more than 200 models from at least 65 device manufacturers are affected by this vulnerability.

The vulnerability allows attackers to completely compromise vulnerable devices and gain control over them. CVE-2021-35395 affects the web interface, which is part of the SDK (software development kit).

What is the danger? Possible risks and threats:

 RCE attacks – remote execution of malicious code;
 Bypassing security restrictions;
 Compromising the system.

KZ-CERT Recommendations:

 Update the Realtek SDK software to the latest version, in which the vulnerabilities are fixed;
 Check the server for signs of possible RCE attacks. If an attack is confirmed, we recommend changing the passwords of accounts that could have been compromised;
 Check log files for third-party requests and anomalies.

To prevent possible attacks on devices with SDK chipsets in the Kazakhstani segment of the Internet, the KZ-CERT Computer Emergency Response Team has sent the relevant notifications to Internet service providers so that they can notify their subscribers about the information security threat.
