Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be exploited by remote unauthenticated attackers.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HRealtek Rtl819x Jungle Software Development Kit
APPRealtek2.0 – 3.4.14b
CISA KEV — detailsi
- Vendori
- Realtek
- Producti
- Jungle Software Development Kit (SDK)
- Added to KEVi
- December 10, 2021
- Remediation deadline (US Federal)i
- December 24, 2021(overdue)
Apply updates per vendor instructions.
RealTek Jungle SDK contains multiple memory corruption vulnerabilities which can allow an attacker to perform remote code execution.
Related vulnerabilities
Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface tha...
Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPn...
A firmware update vulnerability exists in the boa formUpload functionality of Realtek rtl819x Jungle SDK v3.4....
A stack-based buffer overflow vulnerability exists in the boa formRoute functionality of Realtek rtl819x Jungl...
A stack-based buffer overflow vulnerability exists in the boa setRepeaterSsid functionality of Realtek rtl819x...