NotCVE - vendor:"Realtek"

Page 8 of 62 results (0.002 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-36923

https://notcve.org/view.php?id=CVE-2021-36923

RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB device privileged IN and OUT instructions (leading to Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device. El archivo RtsUpx.sys en Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio versiones hasta 1.14.0.0, permite a usuarios locales poco privilegiado lograr un acceso no autorizado a las instrucciones de entrada y salida privilegiadas del dispositivo USB (conllevando a una escalada de privilegios, denegación de servicio, ejecución de código y divulgación de información) por medio de un paquete de control de entrada y salida del dispositivo diseñado • https://www.realtek.com/images/safe-report/Realtek_RtsUpx_Security_Advisory_Report.pdf https://www.sentinelone.com/resources/category/report •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-36922

https://notcve.org/view.php?id=CVE-2021-36922

RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB devices (Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device. El archivo RtsUpx.sys en Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio versiones hasta 1.14.0.0, permite a usuarios locales poco privilegiado conseguir acceso no autorizado a los dispositivos USB (escalada de privilegios, denegación de servicio, ejecución de código y divulgación de información) por medio de un paquete de control de entrada y salida del dispositivo diseñado • https://www.realtek.com/images/safe-report/Realtek_RtsUpx_Security_Advisory_Report.pdf https://www.sentinelone.com/resources/category/report •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2021-35392

https://notcve.org/view.php?id=CVE-2021-35392

Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a heap buffer overflow that is present due to unsafe crafting of SSDP NOTIFY messages from received M-SEARCH messages ST header. Realtek Jungle SDK versiones v2.x hasta v3.4.14B, proporciona un servidor "WiFi Simple Config" que implementa los protocolos UPnP y SSDP. El binario es usualmente llamado wscd o mini_upnpd y es el sucesor de miniigd. • https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain https://www.realtek.com/en/cu-1-en/cu-1-taiwan-en https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf • CWE-787: Out-of-bounds Write •

CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 1

CVE-2021-35393

https://notcve.org/view.php?id=CVE-2021-35393

Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a stack buffer overflow vulnerability that is present due to unsafe parsing of the UPnP SUBSCRIBE/UNSUBSCRIBE Callback header. Successful exploitation of this vulnerability allows remote unauthenticated attackers to gain arbitrary code execution on the affected device. Realtek Jungle SDK versiones v2.x hasta v3.4.14B, proporciona un servidor "WiFi Simple Config" que implementa los protocolos UPnP y SSDP. • https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain https://www.realtek.com/en/cu-1-en/cu-1-taiwan-en https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf • CWE-787: Out-of-bounds Write •

CVSS: 10.0EPSS: 96%CPEs: 1EXPL: 1

CVE-2021-35394 – Realtek Jungle SDK Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2021-35394

Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be exploited by remote unauthenticated attackers. SDK de Realtek Jungle versiones v2.x hasta v3.4.14B, proporciona una herramienta de diagnóstico llamada "MP Daemon" que normalmente es compilado como binario "UDPServer". El binario está afectado por múltiples vulnerabilidades de corrupción de memoria y una vulnerabilidad de inyección de comandos arbitrarios que puede ser explotada por atacantes no autenticados remotos. RealTek Jungle SDK contains multiple memory corruption vulnerabilities which can allow an attacker to perform remote code execution. • https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain https://www.realtek.com/en/cu-1-en/cu-1-taiwan-en https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf https://www.securityfocus.com/archive/1/534765 •

1...6 7 8 9 10