CVE-2026-36355
published 2026-05-05CVE-2026-36355: The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK (all known versions through v3.4.14B) does not perform any access control checks on the…
PriorityP351high7.7CVSS 3.1
AVLACLPRNUINSUCHIHAN
EXPLOIT
EPSS
0.68%
47.7th percentile
The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK (all known versions through v3.4.14B) does not perform any access control checks on the write_mem (ioctl 0x89F5) and read_mem (ioctl 0x89F6) debug handlers, which are compiled into production builds via the unconditionally defined _IOCTL_DEBUG_CMD_ macro in 8192cd_cfg.h
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-j39q-3p58-f4c8: The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK (all known versions through v3
ghsa_unreviewed·2026-05-05
CVE-2026-36355 [HIGH] CWE-200 GHSA-j39q-3p58-f4c8: The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK (all known versions through v3
The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK (all known versions through v3.4.14B) does not perform any access control checks on the write_mem (ioctl 0x89F5) and read_mem (ioctl 0x89F6) debug handlers, which are compiled into production builds via the unconditionally defined _IOCTL_DEBUG_CMD_ macro in 8192cd_cfg.h
VulDB
Realtek rtl819x Jungle SDK up to 3.4.14B rtl8192cd Wi-Fi Kernel Driver 8192cd_cfg.h _IOCTL_DEBUG_CMD_ access control
vuldb·2026-05-05·CVSS 7.7
CVE-2026-36355 [HIGH] Realtek rtl819x Jungle SDK up to 3.4.14B rtl8192cd Wi-Fi Kernel Driver 8192cd_cfg.h _IOCTL_DEBUG_CMD_ access control
A vulnerability classified as critical has been found in Realtek rtl819x Jungle SDK up to 3.4.14B. This affects the function _IOCTL_DEBUG_CMD_ in the library 8192cd_cfg.h of the component rtl8192cd Wi-Fi Kernel Driver. This manipulation causes improper access controls.
This vulnerability is handled as CVE-2026-36355. The attack can only be done within the local network. There is not any exploit available.
No detection rules found.
No writeups or analysis indexed.
2026-05-05
Published