Realtek Rtl819X Jungle Software Development Kit vulnerabilities
23 known vulnerabilities affecting realtek/rtl819x_jungle_software_development_kit.
Total CVEs: 23
CISA KEV: 2 (actively exploited)
Public exploits: 3
Exploited in wild: 3
Severity breakdown: CRITICAL 3, HIGH 20
Vulnerabilities
Page 1 of 2
CVE-2021-35394 | P1 | CRITICAL | CVSS 9.8 | KEV | PoC | CWE-78 | ≥ 2.0, ≤ 3.4.14b | 2021-08-16
Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be exploited by remote unauthenticated attackers.
nvd
CVE-2021-35395 | P1 | CRITICAL | CVSS 9.8 | KEV | PoC | ≥ 2.0, ≤ 3.4.14b | 2021-08-16
Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exist: one based on Go-Ahead named webs and another based on Boa named boa. Both of them are affected by these vulnerabilities. Specifically, these binaries ar
nvd
CVE-2023-50381 | P2 | HIGH | CVSS 7.2 | Exploited | CWE-78 | v3.4.11 | 2024-07-08
Three OS command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This command injection is related to the `targetAPSsid` request's pa
nvd
CVE-2021-35392 | P2 | HIGH | CVSS 7.5 | PoC | CWE-787 | ≥ 2.0, ≤ 3.4.14b | 2021-08-16
Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a heap buffer overflow that is present due to unsafe crafting of SSDP NOTIFY messages from received M-SEARCH mess
nvd
CVE-2021-35393 | P1 | CRITICAL | CVSS 9.8 | CWE-787 | ≥ 2.0, ≤ 3.4.14b | 2021-08-16
Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a stack buffer overflow vulnerability that is present due to unsafe parsing of the UPnP SUBSCRIBE/UNSUBSCRIBE
nvd
CVE-2023-50382 | P3 | HIGH | CVSS 7.2 | CWE-78 | v3.4.11 | 2024-07-08
Three OS command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This command injection is related to the `peerPin` request's paramet
nvd
CVE-2023-50383 | P3 | HIGH | CVSS 7.2 | CWE-78 | v3.4.11 | 2024-07-08
Three OS command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This command injection is related to the `localPin` request's parame
nvd
CVE-2023-50244 | P3 | HIGH | CVSS 7.2 | CWE-121 | v3.4.11 | 2024-07-08
Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This stack-based buffer overflow is related to the `entry_name` req
nvd
CVE-2023-50243 | P3 | HIGH | CVSS 7.2 | CWE-121 | v3.4.11 | 2024-07-08
Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This stack-based buffer overflow is related to the `comment` reques
nvd
CVE-2023-50240 | P3 | HIGH | CVSS 7.2 | CWE-121 | v3.4.11 | 2024-07-08
Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This stack-based buffer overflow is related to the `
nvd
CVE-2023-50239 | P3 | HIGH | CVSS 7.2 | CWE-121 | v3.4.11 | 2024-07-08
Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This stack-based buffer overflow is related to the `
nvd
CVE-2023-47856 | P3 | HIGH | CVSS 7.2 | CWE-121 | v3.4.11 | 2024-07-08
A stack-based buffer overflow vulnerability exists in the boa set_RadvdPrefixParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
nvd
CVE-2023-41251 | P3 | HIGH | CVSS 7.2 | CWE-121 | v3.4.11 | 2024-07-08
A stack-based buffer overflow vulnerability exists in the boa formRoute functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2023-48270 | P3 | HIGH | CVSS 7.2 | CWE-121 | v3.4.11 | 2024-07-08
A stack-based buffer overflow vulnerability exists in the boa formDnsv6 functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.
nvd
CVE-2023-49595 | P3 | HIGH | CVSS 7.2 | CWE-121 | v3.4.11 | 2024-07-08
A stack-based buffer overflow vulnerability exists in the boa rollback_control_code functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.
nvd
CVE-2023-49867 | P3 | HIGH | CVSS 7.2 | CWE-121 | v3.4.11 | 2024-07-08
A stack-based buffer overflow vulnerability exists in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability.
nvd
CVE-2023-50330 | P3 | HIGH | CVSS 7.2 | CWE-121 | v3.4.11 | 2024-07-08
A stack-based buffer overflow vulnerability exists in the boa getInfo functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability.
nvd
CVE-2023-45215 | P3 | HIGH | CVSS 7.2 | CWE-121 | v3.4.11 | 2024-07-08
A stack-based buffer overflow vulnerability exists in the boa setRepeaterSsid functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.
nvd
CVE-2023-49073 | P3 | HIGH | CVSS 7.2 | CWE-121 | v3.4.11 | 2024-07-08
A stack-based buffer overflow vulnerability exists in the boa formFilter functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.
nvd
CVE-2023-45742 | P3 | HIGH | CVSS 7.2 | CWE-190 | v3.4.11 | 2024-07-08
An integer overflow vulnerability exists in the boa updateConfigIntoFlash functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.
nvd