Vulnerabilities > CVE-2021-35394 - Unspecified vulnerability in Realtek Jungle SDK
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be exploited by remote unauthenticated attackers.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Related news
- Multiple Flaws Affecting Realtek Wi-Fi SDKs Impact Nearly a Million IoT Devices (source)
- Multiple Flaws Affecting Realtek Wi-Fi SDKs Impact Nearly a Million IoT Devices (source)
- Botnets exploited Realtek SDK critical bug in millions of attacks (source)
- Malware exploited critical Realtek SDK bug in millions of attacks (source)
- Realtek Vulnerability Under Attack: 134 Million Attempts in 2 Months to Hack IoT Devices (source)
- Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices (source)
- Realtek and Cacti flaws now actively exploited by malware botnets (source)
- Cacti, Realtek, and IBM Aspera Faspex Vulnerabilities Under Active Exploitation (source)
References
- https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain
- https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain
- https://www.realtek.com/en/cu-1-en/cu-1-taiwan-en
- https://www.realtek.com/en/cu-1-en/cu-1-taiwan-en
- https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf
- https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf
- https://www.securityfocus.com/archive/1/534765
- https://www.securityfocus.com/archive/1/534765