Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be exploited by remote unauthenticated attackers.
References
Link | Resource |
---|---|
https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain | Exploit Third Party Advisory |
https://www.realtek.com/en/cu-1-en/cu-1-taiwan-en | Patch Vendor Advisory |
https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf | Patch Vendor Advisory |
https://www.securityfocus.com/archive/1/534765 | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-08-16T11:07:38
Updated: 2021-08-16T11:07:38
Reserved: 2021-06-23T00:00:00
Link: CVE-2021-35394
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-08-16T12:15:07.267
Modified: 2023-08-08T14:21:49.707
Link: CVE-2021-35394
JSON object: View
Redhat Information
No data.
CWE