CVE-2021-35394

CRITICAL KEV NUCLEI

Realtek Jungle SDK <3.4.14B - RCE

Title source: llm

Description

Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be exploited by remote unauthenticated attackers.

Nuclei Templates (1)

RealTek AP Router SDK - Arbitrary Command Injection

CRITICALby king-alexander

References (5)

[Broken Link, Exploit, Third Party Advisory] https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain

[Broken Link, Patch, Vendor Advisory] https://www.realtek.com/en/cu-1-en/cu-1-taiwan-en

[Patch, Vendor Advisory] https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf

[Broken Link, Third Party Advisory, VDB Entry] https://www.securityfocus.com/archive/1/534765

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-35394

Scores

CVSS v3 9.8

EPSS 0.9422

EPSS Percentile 99.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-12-10

VulnCheck KEV 2021-08-27

InTheWild.io 2021-08-24

ENISA EUVD EUVD-2021-22037

CWE

CWE-78

Status published

Products (1)

realtek/rtl819x_jungle_software_development_kit 2.0 - 3.4.14b

Published Aug 16, 2021

KEV Added Dec 10, 2021

Tracked Since Feb 18, 2026