CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-43573
https://notcve.org/view.php?id=CVE-2021-43573
11 Nov 2021 — A buffer overflow was discovered on Realtek RTL8195AM devices before 2.0.10. It exists in the client code when processing a malformed IE length of HT capability information in the Beacon and Association response frame. Se ha detectado un desbordamiento del búfer en los dispositivos Realtek RTL8195AM versiones anteriores a 2.0.10. Se presenta en el código del cliente cuando se procesa una longitud de IE malformada de la información de capacidad HT en la trama de respuesta de Beacon y Association • https://www.amebaiot.com/en/security_bulletin/cve-2021-43573 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36925
https://notcve.org/view.php?id=CVE-2021-36925
02 Nov 2021 — RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve an arbitrary read or write operation from/to physical memory (leading to Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device. El archivo RtsUpx.sys en Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio versiones hasta 1.14.0.0, permite a usuarios locales poco privilegiado realizar una ope... • https://www.realtek.com/images/safe-report/Realtek_RtsUpx_Security_Advisory_Report.pdf •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36924
https://notcve.org/view.php?id=CVE-2021-36924
02 Nov 2021 — RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve a pool overflow (leading to Escalation of Privileges, Denial of Service, and Code Execution) via a crafted Device IO Control packet to a device. El archivo RtsUpx.sys en Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio versiones hasta 1.14.0.0, permite a usuarios locales poco privilegiado conseguir un desbordamiento de la reserva (conllevando a una escalada de privilegios,... • https://www.realtek.com/images/safe-report/Realtek_RtsUpx_Security_Advisory_Report.pdf • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36923
https://notcve.org/view.php?id=CVE-2021-36923
02 Nov 2021 — RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB device privileged IN and OUT instructions (leading to Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device. El archivo RtsUpx.sys en Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio versiones hasta 1.14.0.0, permite a usuarios locales poco privilegiado lograr u... • https://www.realtek.com/images/safe-report/Realtek_RtsUpx_Security_Advisory_Report.pdf •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36922
https://notcve.org/view.php?id=CVE-2021-36922
02 Nov 2021 — RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB devices (Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device. El archivo RtsUpx.sys en Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio versiones hasta 1.14.0.0, permite a usuarios locales poco privilegiado conseguir acceso no autorizado a los dispositivos USB... • https://www.realtek.com/images/safe-report/Realtek_RtsUpx_Security_Advisory_Report.pdf •
CVSS: 7.8EPSS: 79%CPEs: 1EXPL: 1CVE-2021-35392
https://notcve.org/view.php?id=CVE-2021-35392
16 Aug 2021 — Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a heap buffer overflow that is present due to unsafe crafting of SSDP NOTIFY messages from received M-SEARCH messages ST header. Realtek Jungle SDK versiones v2.x hasta v3.4.14B, proporciona un servidor "WiFi Simple Config" que implementa los protocolos UPnP y SSDP. El bi... • https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 9%CPEs: 1EXPL: 1CVE-2021-35393
https://notcve.org/view.php?id=CVE-2021-35393
16 Aug 2021 — Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a stack buffer overflow vulnerability that is present due to unsafe parsing of the UPnP SUBSCRIBE/UNSUBSCRIBE Callback header. Successful exploitation of this vulnerability allows remote unauthenticated attackers to gain arbitrary code execution on the affected device. Re... • https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 94%CPEs: 1EXPL: 1CVE-2021-35394 – Realtek Jungle SDK Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-35394
16 Aug 2021 — Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be exploited by remote unauthenticated attackers. SDK de Realtek Jungle versiones v2.x hasta v3.4.14B, proporciona una herramienta de diagnóstico llamada "MP Daemon" que normalmente es compilado como binario "UDPServer". El binario está afectad... • https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 94%CPEs: 1EXPL: 1CVE-2021-35395 – Realtek AP-Router SDK Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2021-35395
16 Aug 2021 — Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exists: one based on Go-Ahead named webs and another based on Boa named boa. Both of them are affected by these vulnerabilities. Specifically, these binaries are vulnerable to the following issues: - stack buffer overflow in formRebootCheck due to unsafe copy of submit-url parameter - stack buffer overflow in form... • https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 3CVE-2021-32537 – Realtek High definition audio Windows driver crashed
https://notcve.org/view.php?id=CVE-2021-32537
07 Jul 2021 — Realtek HAD contains a driver crashed vulnerability which allows local side attackers to send a special string to the kernel driver in a user’s mode. Due to unexpected commands, the kernel driver will cause the system crashed. Realtek HAD contiene una vulnerabilidad de bloqueo del controlador que permite a los atacantes del lado local enviar una cadena especial al controlador del kernel en un modo de usuario. Debido a los comandos inesperados, el controlador del kernel hará que el sistema se bloquee • https://packetstorm.news/files/id/163498 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •