Filtered by vendor Realtek Subscriptions
Total 43 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2014-8361 3 Aterm, Dlink, Realtek 49 W1200ex, W1200ex-ms, W1200ex-ms Firmware and 46 more 2024-06-27 9.8 Critical
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.
CVE-2008-5664 1 Realtek 1 Realtek Media Player 2024-02-14 N/A
Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound Manager, RtlRack, or rtlrack.exe) 1.15.0.0 allows remote attackers to execute arbitrary code via a crafted playlist (PLA) file.
CVE-2021-32537 1 Realtek 1 Hda Driver 2023-11-07 6.5 Medium
Realtek HAD contains a driver crashed vulnerability which allows local side attackers to send a special string to the kernel driver in a user’s mode. Due to unexpected commands, the kernel driver will cause the system crashed.
CVE-2020-26652 1 Realtek 2 Rtl8812au, Rtl8812au Firmware 2023-08-25 7.5 High
An issue was discovered in function nl80211_send_chandef in rtl8812au v5.6.4.2 allows attackers to cause a denial of service.
CVE-2021-35395 1 Realtek 1 Realtek Jungle Sdk 2023-08-08 9.8 Critical
Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exists: one based on Go-Ahead named webs and another based on Boa named boa. Both of them are affected by these vulnerabilities. Specifically, these binaries are vulnerable to the following issues: - stack buffer overflow in formRebootCheck due to unsafe copy of submit-url parameter - stack buffer overflow in formWsc due to unsafe copy of submit-url parameter - stack buffer overflow in formWlanMultipleAP due to unsafe copy of submit-url parameter - stack buffer overflow in formWlSiteSurvey due to unsafe copy of ifname parameter - stack buffer overflow in formStaticDHCP due to unsafe copy of hostname parameter - stack buffer overflow in formWsc due to unsafe copy of 'peerPin' parameter - arbitrary command execution in formSysCmd via the sysCmd parameter - arbitrary command injection in formWsc via the 'peerPin' parameter Exploitability of identified issues will differ based on what the end vendor/manufacturer did with the Realtek SDK webserver. Some vendors use it as-is, others add their own authentication implementation, some kept all the features from the server, some remove some of them, some inserted their own set of features. However, given that Realtek SDK implementation is full of insecure calls and that developers tends to re-use those examples in their custom code, any binary based on Realtek SDK webserver will probably contains its own set of issues on top of the Realtek ones (if kept). Successful exploitation of these issues allows remote attackers to gain arbitrary code execution on the device.
CVE-2021-35394 1 Realtek 1 Realtek Jungle Sdk 2023-08-08 9.8 Critical
Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be exploited by remote unauthenticated attackers.
CVE-2022-40740 1 Realtek 2 Usdk, Xpon Software Development Kit 2023-07-10 7.2 High
Realtek GPON router has insufficient filtering for special characters. A remote attacker authenticated as an administrator can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service.
CVE-2022-32966 1 Realtek 2 Rtl8111fp-cg, Rtl8111fp-cg Firmware 2022-11-30 6.5 Medium
RTL8168FP-CG Dash remote management function has missing authorization. An unauthenticated attacker within the adjacent network can connect to DASH service port to disrupt service.
CVE-2022-32967 1 Realtek 4 Rtl8111ep-cg, Rtl8111ep-cg Firmware, Rtl8111fp-cg and 1 more 2022-11-30 2.1 Low
RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire partial system information such as serial number and server information.
CVE-2022-34326 1 Realtek 2 Rtl8195am, Rtl8195am Firmware 2022-10-15 7.5 High
In ambiot amb1_sdk (aka SDK for Ameba1) before 2022-06-20 on Realtek RTL8195AM devices before 284241d70308ff2519e40afd7b284ba892c730a3, the timer task and RX task would be locked when there are frequent and continuous Wi-Fi connection (with four-way handshake) failures in Soft AP mode.
CVE-2022-27255 1 Realtek 4 Ecos Msdk, Ecos Msdk Firmware, Ecos Rsdk and 1 more 2022-09-30 9.8 Critical
In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data.
CVE-2022-26527 3 Google, Linux, Realtek 3 Android, Linux Kernel, Bluetooth Mesh Software Development Kit 2022-09-02 6.5 Medium
Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the size of segmented packets’ reference parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service.
CVE-2022-26528 3 Google, Linux, Realtek 3 Android, Linux Kernel, Bluetooth Mesh Software Development Kit 2022-09-02 6.5 Medium
Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the length of segmented packets’ shift parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service.
CVE-2022-26529 3 Google, Linux, Realtek 3 Android, Linux Kernel, Bluetooth Mesh Software Development Kit 2022-09-02 6.5 Medium
Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for segmented packets’ link parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service.
CVE-2022-25635 3 Google, Linux, Realtek 3 Android, Linux Kernel, Bluetooth Mesh Software Development Kit 2022-09-01 6.5 Medium
Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for broadcast network packet length. An unauthenticated attacker in the adjacent network can exploit this vulnerability to disrupt service.
CVE-2022-29558 1 Realtek 1 Rtl819x Software Development Kit 2022-08-04 8.8 High
Realtek rtl819x-SDK before v3.6.1 allows command injection over the web interface.
CVE-2021-36923 1 Realtek 1 Rtsupx Usb Utility Driver 2022-07-12 7.8 High
RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB device privileged IN and OUT instructions (leading to Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device.
CVE-2021-36924 1 Realtek 1 Rtsupx Usb Utility Driver 2022-07-12 7.8 High
RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve a pool overflow (leading to Escalation of Privileges, Denial of Service, and Code Execution) via a crafted Device IO Control packet to a device.
CVE-2021-36922 1 Realtek 1 Rtsupx Usb Utility Driver 2022-07-12 7.8 High
RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB devices (Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device.
CVE-2022-21742 1 Realtek 14 Rtl8152b, Rtl8152b Firmware, Rtl8153 and 11 more 2022-07-05 6.5 Medium
Realtek USB driver has a buffer overflow vulnerability due to insufficient parameter length verification in the API function. An unauthenticated LAN attacker can exploit this vulnerability to disrupt services.