Multiple Memory Corruption and Arbitrary Command Injection Vulnerabilities in Realtek Jungle SDK

Multiple Memory Corruption and Arbitrary Command Injection Vulnerabilities in Realtek Jungle SDK

CVE-2021-35394 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be exploited by remote unauthenticated attackers.

Learn more about our Cis Benchmark Audit For Server Software.