CVE-2021-35394
CRITICAL KEV NUCLEIRealtek RTL819x Jungle SDK 2.0-3.4.14b - Unauthenticated OS Command Injection via MP Daemon UDPServer
Title source: llmExploitation Summary
CVE-2021-35394 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added December 10, 2021. A Nuclei detection template is also available.
Description
Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be exploited by remote unauthenticated attackers.
Nuclei Templates (1)
RealTek AP Router SDK - Arbitrary Command Injection
CRITICALby king-alexander
References (5)
Core 5
Core References
Broken Link, Third Party Advisory, VDB Entry x_refsource_misc
https://www.securityfocus.com/archive/1/534765
Broken Link, Patch, Vendor Advisory x_refsource_misc
https://www.realtek.com/en/cu-1-en/cu-1-taiwan-en
Patch, Vendor Advisory x_refsource_misc
https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf
Broken Link, Exploit, Third Party Advisory x_refsource_misc
https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-35394
Scores
CVSS v3
9.8
EPSS
0.9422
EPSS Percentile
99.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
yes
Technical Impact
total
Details
CISA KEV
2021-12-10
VulnCheck KEV
2021-08-27
InTheWild.io
2021-08-24
ENISA EUVD
EUVD-2021-22037
CWE
CWE-78
Status
published
Products (1)
realtek/rtl819x_jungle_software_development_kit
2.0 - 3.4.14b
Published
Aug 16, 2021
KEV Added
Dec 10, 2021
Tracked Since
Feb 18, 2026