CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-35394

Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be exploited by remote unauthenticated attackers.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.943

EPSS Ranking 99.9%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

Proposed Action

RealTek Jungle SDK contains multiple memory corruption vulnerabilities which can allow an attacker to perform remote code execution.

Ransomware Campaign

Unknown

References

https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain
https://www.realtek.com/en/cu-1-en/cu-1-taiwan-en
https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf
https://www.securityfocus.com/archive/1/534765
https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain
https://www.realtek.com/en/cu-1-en/cu-1-taiwan-en
https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf
https://www.securityfocus.com/archive/1/534765

Products affected by CVE-2021-35394

Realtek » Jungle Sdk » Version: Any

cpe:2.3:a:realtek:jungle_sdk:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-35394

Products

Pricing

Contact Us