CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2021-35394

CVSS 9.8v3.1pub. 2021-08-16upd. 2025-11-07

Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be exploited by remote unauthenticated attackers.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Realtek Rtl819x Jungle Software Development Kit

    APP
    Realtek
    2.0 – 3.4.14b

CISA KEV — detailsi

Vendori
Realtek
Producti
Jungle Software Development Kit (SDK)
Added to KEVi
December 10, 2021
Remediation deadline (US Federal)i
December 24, 2021(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

RealTek Jungle SDK contains multiple memory corruption vulnerabilities which can allow an attacker to perform remote code execution.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 24 grudnia 2021
Tags
Auth BypassCommand Injection
CWE
References

Related vulnerabilities

CVE-2021-35395CRITICAL9.8⚠ KEVten sam produkt

Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface tha...

CVE-2021-35393CRITICAL9.8ten sam produkt

Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPn...

CVE-2023-34435HIGH7.2ten sam produkt

A firmware update vulnerability exists in the boa formUpload functionality of Realtek rtl819x Jungle SDK v3.4....

CVE-2023-41251HIGH7.2ten sam produkt

A stack-based buffer overflow vulnerability exists in the boa formRoute functionality of Realtek rtl819x Jungl...

CVE-2023-45215HIGH7.2ten sam produkt

A stack-based buffer overflow vulnerability exists in the boa setRepeaterSsid functionality of Realtek rtl819x...