VYPR
Vendor

Realtek

Products
43
CVEs
87
Across products
86
Status
Private

Products

43
View all 43 products →

Recent CVEs

87
View all 87 CVEs →
  • CVE-2014-8361CriKEVMay 1, 2015
    risk 0.87cvss 9.8epss 1.00

    The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.

  • CVE-2024-40431HigOct 23, 2024
    risk 0.59cvss 8.8epss 0.01

    A lack of input validation in Realtek SD card reader driver before 10.0.26100.21374 through the implementation of the IOCTL_SCSI_PASS_THROUGH control of the SD card reader driver allows an attacker to write to predictable kernel memory locations, even as a low-privileged user.

  • CVE-2024-33224HigMay 22, 2024
    risk 0.55cvss 8.4epss 0.00

    An issue in the component rtkio64.sys of Realtek Semiconductor Corp Realtek lO Driver v1.008.0823.2017 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

  • CVE-2026-36355HigMay 5, 2026
    risk 0.53cvss 7.7epss 0.01

    The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK (all known versions through v3.4.14B) does not perform any access control checks on the write_mem (ioctl 0x89F5) and read_mem (ioctl 0x89F6) debug handlers, which are compiled into production builds via the…

  • CVE-2019-25345HigFeb 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Realtek IIS Codec Service 6.4.10041.133 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service configuration to inject malicious executables and escalate privileges…

  • CVE-2020-36974HigJan 27, 2026
    risk 0.51cvss 7.8epss 0.00

    Realtek Andrea RT Filters 1.0.64.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in 'C:\Program Files\IDT\WDM\AESTSr64.exe' to inject…

  • CVE-2024-11857HigJun 2, 2025
    risk 0.51cvss 7.8epss 0.00

    Bluetooth HCI Adaptor from Realtek has a Link Following vulnerability. Local attackers with regular privileges can create a symbolic link with the same name as a specific file, causing the product to delete arbitrary files pointed to by the link. Subsequently, attackers can…

  • CVE-2024-33225HigMay 22, 2024
    risk 0.51cvss 7.8epss 0.00

    An issue in the component RTKVHD64.sys of Realtek Semiconductor Corp Realtek(r) High Definition Audio Function Driver v6.0.9549.1 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

  • CVE-2017-3767HigNov 13, 2017
    risk 0.51cvss 7.8epss 0.00

    A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute code with administrative privileges.

  • CVE-2017-0444HigFeb 8, 2017
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability in the Realtek sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android.…

  • CVE-2025-44559MedJun 27, 2025
    risk 0.42cvss 6.5epss 0.00

    An issue in the Bluetooth Low Energy (BLE) stack of Realtek RTL8762E BLE SDK v1.4.0 allows attackers within Bluetooth range to cause a Denial of Service (DoS) via sending a specific sequence of crafted control packets.

  • CVE-2024-40432MedOct 23, 2024
    risk 0.42cvss 6.5epss 0.00

    A lack of input validation in Realtek SD card reader driver before 10.0.26100.21374 through the implementation of the IOCTL_SFFDISK_DEVICE_COMMAND control of the SD card reader driver allows a privileged attacker to crash the OS.

  • CVE-2025-60419MedOct 24, 2025
    risk 0.40cvss 6.2epss 0.00

    An issue was discovered in the NDIS Usermode IO driver (RtkIOAC60.sys, version 6.0.5600.16348) allowing local authenticated attackers to send a crafted IOCTL request to the driver to cause a denial of service.

  • CVE-2024-48290MedNov 7, 2024
    risk 0.28cvss 4.3epss 0.00

    An issue in the Bluetooth Low Energy implementation of Realtek RTL8762E BLE SDK v1.4.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ll_terminate_ind packet.

  • CVE-2021-35394KEVAug 16, 2021
    risk 0.20cvss epss 1.00

    Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be…

  • CVE-2021-35395KEVAug 16, 2021
    risk 0.19cvss epss 0.98

    Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exists: one based on Go-Ahead named webs and another based on Boa named boa. Both…

  • CVE-2021-35392Aug 16, 2021
    risk 0.06cvss epss 0.83

    Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a heap buffer overflow that is present…

  • CVE-2008-5664Dec 19, 2008
    risk 0.06cvss epss 0.36

    Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound Manager, RtlRack, or rtlrack.exe) 1.15.0.0 allows remote attackers to execute arbitrary code via a crafted playlist (PLA) file.

  • CVE-2019-19822Jan 27, 2020
    risk 0.04cvss epss 0.09

    A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT…

  • CVE-2019-15084Aug 15, 2019
    risk 0.03cvss epss 0.01

    Realtek Waves MaxxAudio driver 1.6.2.0, as used on Dell laptops, installs with incorrect file permissions. As a result, a local attacker can escalate to SYSTEM.