CVE-2021-35394
Realtek Jungle SDK Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
YesDecision
Descriptions
Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be exploited by remote unauthenticated attackers.
SDK de Realtek Jungle versiones v2.x hasta v3.4.14B, proporciona una herramienta de diagnóstico llamada "MP Daemon" que normalmente es compilado como binario "UDPServer". El binario está afectado por múltiples vulnerabilidades de corrupción de memoria y una vulnerabilidad de inyección de comandos arbitrarios que puede ser explotada por atacantes no autenticados remotos.
RealTek Jungle SDK contains multiple memory corruption vulnerabilities which can allow an attacker to perform remote code execution.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-06-23 CVE Reserved
- 2021-08-16 CVE Published
- 2021-12-10 Exploited in Wild
- 2021-12-24 KEV Due Date
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-11-02 EPSS Updated
CWE
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://www.securityfocus.com/archive/1/534765 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain | 2024-08-04 |
| URL | Date | SRC |
|---|---|---|
| https://www.realtek.com/en/cu-1-en/cu-1-taiwan-en | 2023-08-08 | |
| https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf | 2023-08-08 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Realtek Search vendor "Realtek" | Realtek Jungle Sdk Search vendor "Realtek" for product "Realtek Jungle Sdk" | >= 2.0 <= 3.4.14b Search vendor "Realtek" for product "Realtek Jungle Sdk" and version " >= 2.0 <= 3.4.14b" | - |
Affected
| ||||||