Published: 16/08/2021 Updated: 26/08/2021

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a stack buffer overflow vulnerability that is present due to unsafe parsing of the UPnP SUBSCRIBE/UNSUBSCRIBE Callback header. Successful exploitation of this vulnerability allows remote unauthenticated malicious users to gain arbitrary code execution on the affected device.

Vulnerable Product	Search on Vulmon	Subscribe to Product
realtek realtek jungle sdk

애니게이트사의 WN-5200Q 공유기 분석

AnyGate 공유기 분석 이 프로젝트는 AnyGate의 WN5200Q을 분석합니다 하드웨어 CPU: RTL8196E RAM: 16MB ROM: 4MB 특이한 점 WN5200Q인데 내부적으로 RG5200R으로 모델네임을 사용함 소프트웨어 UART Baud Rate:38400 계정이름: root 비밀번호: 웹 UI 비밀번호와 동일(없는 경우 admin) 사용 소프트웨어 Linux 버전: 알 수

CWE-787 https://www.realtek.com/en/cu-1-en/cu-1-taiwan-en https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf https://nvd.nist.gov https://github.com/hui1601/AnyGate-WN5200Q-analysis

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-35393

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect