VYPR

Vendor CVEs

Realtek

All CVEs

87 total · sorted by risk
  • CVE-2014-8361CriKEVMay 1, 2015
    risk 0.87cvss 9.8epss 1.00

    The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.

  • CVE-2024-40431HigOct 23, 2024
    risk 0.59cvss 8.8epss 0.01

    A lack of input validation in Realtek SD card reader driver before 10.0.26100.21374 through the implementation of the IOCTL_SCSI_PASS_THROUGH control of the SD card reader driver allows an attacker to write to predictable kernel memory locations, even as a low-privileged user.

  • CVE-2024-33224HigMay 22, 2024
    risk 0.55cvss 8.4epss 0.00

    An issue in the component rtkio64.sys of Realtek Semiconductor Corp Realtek lO Driver v1.008.0823.2017 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

  • CVE-2026-36355HigMay 5, 2026
    risk 0.53cvss 7.7epss 0.01

    The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK (all known versions through v3.4.14B) does not perform any access control checks on the write_mem (ioctl 0x89F5) and read_mem (ioctl 0x89F6) debug handlers, which are compiled into production builds via the…

  • CVE-2019-25345HigFeb 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Realtek IIS Codec Service 6.4.10041.133 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service configuration to inject malicious executables and escalate privileges…

  • CVE-2020-36974HigJan 27, 2026
    risk 0.51cvss 7.8epss 0.00

    Realtek Andrea RT Filters 1.0.64.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in 'C:\Program Files\IDT\WDM\AESTSr64.exe' to inject…

  • CVE-2024-11857HigJun 2, 2025
    risk 0.51cvss 7.8epss 0.00

    Bluetooth HCI Adaptor from Realtek has a Link Following vulnerability. Local attackers with regular privileges can create a symbolic link with the same name as a specific file, causing the product to delete arbitrary files pointed to by the link. Subsequently, attackers can…

  • CVE-2024-33225HigMay 22, 2024
    risk 0.51cvss 7.8epss 0.00

    An issue in the component RTKVHD64.sys of Realtek Semiconductor Corp Realtek(r) High Definition Audio Function Driver v6.0.9549.1 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

  • CVE-2017-3767HigNov 13, 2017
    risk 0.51cvss 7.8epss 0.00

    A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute code with administrative privileges.

  • CVE-2017-0444HigFeb 8, 2017
    risk 0.46cvss 7.0epss 0.01

    An elevation of privilege vulnerability in the Realtek sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android.…

  • CVE-2025-44559MedJun 27, 2025
    risk 0.42cvss 6.5epss 0.00

    An issue in the Bluetooth Low Energy (BLE) stack of Realtek RTL8762E BLE SDK v1.4.0 allows attackers within Bluetooth range to cause a Denial of Service (DoS) via sending a specific sequence of crafted control packets.

  • CVE-2024-40432MedOct 23, 2024
    risk 0.42cvss 6.5epss 0.00

    A lack of input validation in Realtek SD card reader driver before 10.0.26100.21374 through the implementation of the IOCTL_SFFDISK_DEVICE_COMMAND control of the SD card reader driver allows a privileged attacker to crash the OS.

  • CVE-2025-60419MedOct 24, 2025
    risk 0.40cvss 6.2epss 0.00

    An issue was discovered in the NDIS Usermode IO driver (RtkIOAC60.sys, version 6.0.5600.16348) allowing local authenticated attackers to send a crafted IOCTL request to the driver to cause a denial of service.

  • CVE-2024-48290MedNov 7, 2024
    risk 0.28cvss 4.3epss 0.00

    An issue in the Bluetooth Low Energy implementation of Realtek RTL8762E BLE SDK v1.4.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ll_terminate_ind packet.

  • CVE-2021-35394KEVAug 16, 2021
    risk 0.20cvss epss 1.00

    Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be…

  • CVE-2021-35395KEVAug 16, 2021
    risk 0.19cvss epss 0.98

    Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exists: one based on Go-Ahead named webs and another based on Boa named boa. Both…

  • CVE-2021-35392Aug 16, 2021
    risk 0.06cvss epss 0.83

    Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a heap buffer overflow that is present…

  • CVE-2008-5664Dec 19, 2008
    risk 0.06cvss epss 0.36

    Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound Manager, RtlRack, or rtlrack.exe) 1.15.0.0 allows remote attackers to execute arbitrary code via a crafted playlist (PLA) file.

  • CVE-2019-19822Jan 27, 2020
    risk 0.04cvss epss 0.09

    A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT…

  • CVE-2019-15084Aug 15, 2019
    risk 0.03cvss epss 0.01

    Realtek Waves MaxxAudio driver 1.6.2.0, as used on Dell laptops, installs with incorrect file permissions. As a result, a local attacker can escalate to SYSTEM.

  • CVE-2019-19823Jan 27, 2020
    risk 0.02cvss epss 0.06

    A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0,…

  • CVE-2023-47856Jul 8, 2024
    risk 0.01cvss epss 0.01

    A stack-based buffer overflow vulnerability exists in the boa set_RadvdPrefixParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this…

  • CVE-2023-50240Jul 8, 2024
    risk 0.01cvss epss 0.01

    Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger…

  • CVE-2023-50239Jul 8, 2024
    risk 0.01cvss epss 0.01

    Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger…

  • CVE-2023-50244Jul 8, 2024
    risk 0.01cvss epss 0.01

    Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these…

  • CVE-2023-50243Jul 8, 2024
    risk 0.01cvss epss 0.01

    Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these…

  • CVE-2023-50330Jul 8, 2024
    risk 0.01cvss epss 0.01

    A stack-based buffer overflow vulnerability exists in the boa getInfo functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability.

  • CVE-2023-49867Jul 8, 2024
    risk 0.01cvss epss 0.01

    A stack-based buffer overflow vulnerability exists in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability.

  • CVE-2022-27255Aug 1, 2022
    risk 0.01cvss epss 0.37

    In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data.

  • CVE-2021-35393Aug 16, 2021
    risk 0.01cvss epss 0.70

    Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a stack buffer overflow vulnerability…

  • CVE-2020-37252Jun 19, 2026
    risk 0.00cvss epss 0.00

    Realtek Audio Service 1.0.0.55 contains an unquoted service path vulnerability in RtkAudioService64.exe that allows local attackers to escalate privileges by injecting malicious code. Attackers can place executable files in the unquoted service path directory to execute…

  • CVE-2016-20085Jun 19, 2026
    risk 0.00cvss epss 0.00

    Realtek High Definition Audio Driver 6.0.1.6730 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by placing a malicious executable in the service path. Attackers can insert an executable file in the unquoted path and restart the…

  • CVE-2025-39928Oct 1, 2025
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: i2c: rtl9300: ensure data length is within supported range Add an explicit check for the xfer length to 'rtl9300_i2c_config_xfer' to ensure the data length isn't within the supported range. In particular a…

  • CVE-2025-8300Sep 2, 2025
    risk 0.00cvss epss 0.00

    Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability…

  • CVE-2025-8299Sep 2, 2025
    risk 0.00cvss epss 0.00

    Realtek rtl81xx SDK Wi-Fi Driver MgntActSet_TEREDO_SET_RS_PACKET Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must…

  • CVE-2025-8298Sep 2, 2025
    risk 0.00cvss epss 0.00

    Realtek RTL8811AU rtwlanu.sys N6CQueryInformationHandleCustomized11nOids Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of Realtek RTL8811AU drivers. An attacker must…

  • CVE-2025-8301Sep 2, 2025
    risk 0.00cvss epss 0.00

    Realtek RTL8811AU rtwlanu.sys N6CSet_DOT11_CIPHER_DEFAULT_KEY Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek RTL8811AU drivers. An attacker must first…

  • CVE-2025-8302Sep 2, 2025
    risk 0.00cvss epss 0.00

    Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK Wi-Fi driver. An attacker must first obtain the ability…

  • CVE-2025-44526Jul 9, 2025
    risk 0.00cvss epss 0.00

    Realtek RTL8762EKF-EVB RTL8762E SDK V1.4.0 was discovered to utilize insufficient permission checks on critical fields within Bluetooth Low Energy (BLE) data packets. This issue allows attackers to cause a Denial of Service (DoS) via a crafted LL_Length_Req packet.

  • CVE-2025-44531Jun 24, 2025
    risk 0.00cvss epss 0.00

    An issue in Realtek RTL8762EKF-EVB RTL8762E SDK v1.4.0 allows attackers to cause a Denial of Service (DoS) via sending a crafted before a pairing public key is received during a Bluetooth connection attempt.

  • CVE-2023-47677Jul 8, 2024
    risk 0.00cvss epss 0.00

    A cross-site request forgery (csrf) vulnerability exists in the boa CSRF protection functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network request can lead to CSRF. An attacker can send an HTTP request to trigger this vulnerability.

  • CVE-2023-34435Jul 8, 2024
    risk 0.00cvss epss 0.00

    A firmware update vulnerability exists in the boa formUpload functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network packets can lead to arbitrary firmware update. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2024-21778Jul 8, 2024
    risk 0.00cvss epss 0.01

    A heap-based buffer overflow vulnerability exists in the configuration file mib_init_value_array functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted .dat file can lead to arbitrary code execution. An attacker can upload a malicious file to trigger this…

  • CVE-2023-49073Jul 8, 2024
    risk 0.00cvss epss 0.01

    A stack-based buffer overflow vulnerability exists in the boa formFilter functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this…

  • CVE-2023-48270Jul 8, 2024
    risk 0.00cvss epss 0.01

    A stack-based buffer overflow vulnerability exists in the boa formDnsv6 functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this…

  • CVE-2023-45742Jul 8, 2024
    risk 0.00cvss epss 0.01

    An integer overflow vulnerability exists in the boa updateConfigIntoFlash functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this…

  • CVE-2023-49595Jul 8, 2024
    risk 0.00cvss epss 0.01

    A stack-based buffer overflow vulnerability exists in the boa rollback_control_code functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger…

  • CVE-2023-45215Jul 8, 2024
    risk 0.00cvss epss 0.01

    A stack-based buffer overflow vulnerability exists in the boa setRepeaterSsid functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this…

  • CVE-2023-41251Jul 8, 2024
    risk 0.00cvss epss 0.01

    A stack-based buffer overflow vulnerability exists in the boa formRoute functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.

  • CVE-2023-50383Jul 8, 2024
    risk 0.00cvss epss 0.02

    Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these…

Page 1 of 2