cvebase

Realtek Rtl819X Jungle Software Development Kit vulnerabilities

23 known vulnerabilities affecting realtek/rtl819x_jungle_software_development_kit.

Total CVEs: 23
CISA KEV: 2 (actively exploited)
Public exploits: 3
Exploited in wild: 3
Severity breakdown: CRITICAL 3, HIGH 20

Vulnerabilities

Page 1 of 2
CVE-2021-35394 | P1 | CRITICAL | CVSS 9.8 | KEV | PoC | ≥ 2.0, ≤ 3.4.14b | 2021-08-16
CWE-78: Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be exploited by remote unauthenticated attackers.
Source: nvd
CVE-2021-35395 | P1 | CRITICAL | CVSS 9.8 | KEV | PoC | ≥ 2.0, ≤ 3.4.14b | 2021-08-16
Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exist: one based on Go-Ahead named webs and another based on Boa named boa. Both of them are affected by these vulnerabilities. Specifically, these binaries ar
Source: nvd
CVE-2023-50381 | P2 | HIGH | CVSS 7.2 | Exploited | v3.4.11 | 2024-07-08
CWE-78: Three OS command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This command injection is related to the `targetAPSsid` request's pa
Source: nvd
CVE-2021-35392 | P2 | HIGH | CVSS 7.5 | PoC | ≥ 2.0, ≤ 3.4.14b | 2021-08-16
CWE-787: Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a heap buffer overflow that is present due to unsafe crafting of SSDP NOTIFY messages from received M-SEARCH mess
Source: nvd
CVE-2021-35393 | P1 | CRITICAL | CVSS 9.8 | ≥ 2.0, ≤ 3.4.14b | 2021-08-16
CWE-787: Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a stack buffer overflow vulnerability that is present due to unsafe parsing of the UPnP SUBSCRIBE/UNSUBSCRIBE
Source: nvd
CVE-2023-50382 | P3 | HIGH | CVSS 7.2 | v3.4.11 | 2024-07-08
CWE-78: Three OS command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This command injection is related to the `peerPin` request's paramet
Source: nvd
CVE-2023-50383 | P3 | HIGH | CVSS 7.2 | v3.4.11 | 2024-07-08
CWE-78: Three OS command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This command injection is related to the `localPin` request's parame
Source: nvd
CVE-2023-50244 | P3 | HIGH | CVSS 7.2 | v3.4.11 | 2024-07-08
CWE-121: Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This stack-based buffer overflow is related to the `entry_name` req
Source: nvd
CVE-2023-50243 | P3 | HIGH | CVSS 7.2 | v3.4.11 | 2024-07-08
CWE-121: Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This stack-based buffer overflow is related to the `comment` reques
Source: nvd
CVE-2023-50240 | P3 | HIGH | CVSS 7.2 | v3.4.11 | 2024-07-08
CWE-121: Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This stack-based buffer overflow is related to the `
Source: nvd
CVE-2023-50239 | P3 | HIGH | CVSS 7.2 | v3.4.11 | 2024-07-08
CWE-121: Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This stack-based buffer overflow is related to the `
Source: nvd
CVE-2023-47856 | P3 | HIGH | CVSS 7.2 | v3.4.11 | 2024-07-08
CWE-121: A stack-based buffer overflow vulnerability exists in the boa set_RadvdPrefixParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
Source: nvd
CVE-2023-41251 | P3 | HIGH | CVSS 7.2 | v3.4.11 | 2024-07-08
CWE-121: A stack-based buffer overflow vulnerability exists in the boa formRoute functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.
Source: nvd
CVE-2023-48270 | P3 | HIGH | CVSS 7.2 | v3.4.11 | 2024-07-08
CWE-121: A stack-based buffer overflow vulnerability exists in the boa formDnsv6 functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.
Source: nvd
CVE-2023-49595 | P3 | HIGH | CVSS 7.2 | v3.4.11 | 2024-07-08
CWE-121: A stack-based buffer overflow vulnerability exists in the boa rollback_control_code functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.
Source: nvd
CVE-2023-49867 | P3 | HIGH | CVSS 7.2 | v3.4.11 | 2024-07-08
CWE-121: A stack-based buffer overflow vulnerability exists in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability.
Source: nvd
CVE-2023-50330 | P3 | HIGH | CVSS 7.2 | v3.4.11 | 2024-07-08
CWE-121: A stack-based buffer overflow vulnerability exists in the boa getInfo functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability.
Source: nvd
CVE-2023-45215 | P3 | HIGH | CVSS 7.2 | v3.4.11 | 2024-07-08
CWE-121: A stack-based buffer overflow vulnerability exists in the boa setRepeaterSsid functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.
Source: nvd
CVE-2023-49073 | P3 | HIGH | CVSS 7.2 | v3.4.11 | 2024-07-08
CWE-121: A stack-based buffer overflow vulnerability exists in the boa formFilter functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.
Source: nvd
CVE-2023-45742 | P3 | HIGH | CVSS 7.2 | v3.4.11 | 2024-07-08
CWE-190: An integer overflow vulnerability exists in the boa updateConfigIntoFlash functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.
Source: nvd