CVSS: 8.3EPSS: 1%CPEs: 3EXPL: 0CVE-2023-50330
https://notcve.org/view.php?id=CVE-2023-50330
08 Jul 2024 — A stack-based buffer overflow vulnerability exists in the boa getInfo functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento de búfer en la región stack de la memoria en la funcionalidad boa getInfo de Realtek rtl819x Jungle SDK v3.4.11. Una serie de solicitudes HTTP especialmente manipuladas pueden conducir a l... • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1903 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.3EPSS: 1%CPEs: 3EXPL: 0CVE-2023-49867
https://notcve.org/view.php?id=CVE-2023-49867
08 Jul 2024 — A stack-based buffer overflow vulnerability exists in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability. Existe una vulnerabilidad de desbordamiento de búfer en la región stack de la memoria en la funcionalidad boa formWsc de Realtek rtl819x Jungle SDK v3.4.11. Una serie de solicitudes HTTP especialmente manipuladas pueden conducir a l... • https://talosintelligence.com/vulnerability_reports/TALOS-2023-1904 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-25477
https://notcve.org/view.php?id=CVE-2022-25477
02 Jul 2024 — Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 leaks driver logs that contain addresses of kernel mode objects, weakening KASLR. Una vulnerabilidad en el controlador Realtek RtsPer para lector de tarjetas PCIe (RtsPer.sys) anterior a 10.0.22000.21355 y el controlador Realtek RtsUer para lector de tarjetas USB (RtsUer.sys) anterior a 10.0.22000.31274 filtra registros de control... • http://realtek.com • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-25478
https://notcve.org/view.php?id=CVE-2022-25478
02 Jul 2024 — Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 provides read and write access to the PCI configuration space of the device. Una vulnerabilidad en el controlador Realtek RtsPer para lector de tarjetas PCIe (RtsPer.sys) anterior a 10.0.22000.21355 y el controlador Realtek RtsUer para lector de tarjetas USB (RtsUer.sys) anterior a 10.0.22000.31274 proporciona acceso de lectura y ... • http://realtek.com •
CVSS: 6.1EPSS: 1%CPEs: 4EXPL: 1CVE-2022-25479
https://notcve.org/view.php?id=CVE-2022-25479
02 Jul 2024 — Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows for the leakage of kernel memory from both the stack and the heap. Una vulnerabilidad en el controlador Realtek RtsPer para lector de tarjetas PCIe (RtsPer.sys) anterior a 10.0.22000.21355 y el controlador Realtek RtsUer para lector de tarjetas USB (RtsUer.sys) anterior a 10.0.22000.31274 permite la pérdida de memoria del k... • https://github.com/SpiralBL0CK/CVE-2024-40431-CVE-2022-25479-EOP-CHAIN • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-25480
https://notcve.org/view.php?id=CVE-2022-25480
02 Jul 2024 — Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows writing to kernel memory beyond the SystemBuffer of the IRP. Una vulnerabilidad en el controlador Realtek RtsPer para lector de tarjetas PCIe (RtsPer.sys) anterior a 10.0.22000.21355 y el controlador Realtek RtsUer para lector de tarjetas USB (RtsUer.sys) anterior a 10.0.22000.31274 permite escribir en la memoria del kernel... • http://realtek.com • CWE-787: Out-of-bounds Write •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33224
https://notcve.org/view.php?id=CVE-2024-33224
22 May 2024 — An issue in the component rtkio64.sys of Realtek Semiconductor Corp Realtek lO Driver v1.008.0823.2017 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. Un problema en el componente rtkio64.sys de Realtek Semiconductor Corp Realtek lO Driver v1.008.0823.2017 permite a los atacantes escalar privilegios y ejecutar código arbitrario mediante el envío de solicitudes IOCTL manipuladas. • https://github.com/DriverHunter/Win-Driver-EXP/tree/main/CVE-2024-33224 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-26652
https://notcve.org/view.php?id=CVE-2020-26652
22 Aug 2023 — An issue was discovered in function nl80211_send_chandef in rtl8812au v5.6.4.2 allows attackers to cause a denial of service. Se ha descubierto un problema en la función nl80211_send_chandef en rtl8812au v5.6.4.2 que permite a los atacantes provocar una denegación de servicio. • https://github.com/aircrack-ng/rtl8812au/issues/730 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.3EPSS: 0%CPEs: 7EXPL: 0CVE-2022-40740 – Realtek GPON router - Command Injection
https://notcve.org/view.php?id=CVE-2022-40740
03 Jan 2023 — Realtek GPON router has insufficient filtering for special characters. A remote attacker authenticated as an administrator can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service. • https://www.twcert.org.tw/tw/cp-132-6831-19121-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 2.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-32967 – Realtek RTL8111EP-CG/RTL8111FP-CG - Use of Hard-coded Credentials
https://notcve.org/view.php?id=CVE-2022-32967
29 Nov 2022 — RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire partial system information such as serial number and server information. La función DASH RTL8111EP-CG/RTL8111FP-CG tiene una contraseña codificada. Un atacante físico no autenticado puede utilizar la contraseña predeterminada codificada durante el reinicio del sistema activado por otro usuario, para adquirir inf... • https://www.twcert.org.tw/tw/cp-132-6740-ba9bd-1.html • CWE-798: Use of Hard-coded Credentials •