← Retour aux CVEs
CVE-2021-35394
CRITICALCISA KEV9.8
Description
Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be exploited by remote unauthenticated attackers.
Details CVE
Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie8/16/2021
Derniere modification11/7/2025
Sourcekev
Observations honeypot0
CISA KEV
FournisseurRealtek
ProduitJungle Software Development Kit (SDK)
Nom vulnerabiliteRealtek Jungle SDK Remote Code Execution Vulnerability
Date ajout KEV2021-12-10
Date limite remediation2021-12-24
Utilise dans ransomwareUnknown
Produits affectes
realtek:rtl819x_jungle_software_development_kit
Faiblesses (CWE)
CWE-78
References
https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain(cve@mitre.org)
https://www.realtek.com/en/cu-1-en/cu-1-taiwan-en(cve@mitre.org)
https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf(cve@mitre.org)
https://www.securityfocus.com/archive/1/534765(cve@mitre.org)
https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain(af854a3a-2127-422b-91ae-364da2661108)
https://www.realtek.com/en/cu-1-en/cu-1-taiwan-en(af854a3a-2127-422b-91ae-364da2661108)
https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf(af854a3a-2127-422b-91ae-364da2661108)
https://www.securityfocus.com/archive/1/534765(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-35394(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.