Stack Buffer Overflow in Realtek Jungle SDK WiFi Configuration
CVE-2021-35393

9.8CRITICAL

Key Information:

Vendor

Realtek

Status
Realtek Jungle Sdk
Vendor
CVE Published:
16 August 2021

What is CVE-2021-35393?

The Realtek Jungle SDK versions v2.x through v3.4.14B contain a vulnerability in the 'WiFi Simple Config' server, which supports both UPnP and SSDP protocols. This flaw is due to unsafe parsing of the UPnP SUBSCRIBE/UNSUBSCRIBE Callback header, leading to a stack buffer overflow. If successfully exploited, this vulnerability allows remote unauthenticated attackers to execute arbitrary code on the affected devices, jeopardizing the security and integrity of the network.

References

https://www.realtek.com/en/cu-1-en/cu-1-taiwan-en
x_refsource_MISC
https://www.realtek.com/images/safe-report/Realtek_APRout...
x_refsource_MISC
https://www.iot-inspector.com/blog/advisory-multiple-issu...
x_refsource_MISC

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2021-35393 : Stack Buffer Overflow in Realtek Jungle SDK WiFi Configuration