Unrated severityCISA KEVNVD Advisory· Published Aug 16, 2021· Updated Oct 21, 2025
CVE-2021-35394
CVE-2021-35394
Description
Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be exploited by remote unauthenticated attackers.
Affected products
2- Realtek/Jungle SDKdescription
- Range: >=2.0, <=3.4.14B
Patches
Vulnerability mechanics
References
4- www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chainmitrex_refsource_MISC
- www.realtek.com/en/cu-1-en/cu-1-taiwan-enmitrex_refsource_MISC
- www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdfmitrex_refsource_MISC
- www.securityfocus.com/archive/1/534765mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.