CVE-2021-35393

Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or miniupnpd and is the successor to miniigd. The server is vulnerable to a stack buffer overflow vulnerability that is present due ...

CVE-2021-35392

Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or miniupnpd and is the successor to miniigd. The server is vulnerable to a heap buffer overflow that is present due to unsafe...

CVE-2021-35393

Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or miniupnpd and is the successor to miniigd. The server is vulnerable to a stack buffer overflow vulnerability that is present due ...

CVE-2021-35392

Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or miniupnpd and is the successor to miniigd. The server is vulnerable to a heap buffer overflow that is present due to unsafe...

Heap overflow

Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or miniupnpd and is the successor to miniigd. The server is vulnerable to a heap buffer overflow that is present due to unsafe...

Stack overflow

Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or miniupnpd and is the successor to miniigd. The server is vulnerable to a stack buffer overflow vulnerability that is present due ...

CVE-2021-35392

Realtek Jungle SDK (Realtek RTL819xD-based devices) exposes a vulnerable WiFi Simple Config server (Go-Ahead/Boa HTTP web server variants) that implements UPnP/SSDP. CVE-2021-35392 describes a heap overflow in handling SSDP NOTIFY messages crafted from M-SEARCH ST headers, affecting Realtek Jungl...

CVE-2021-35392

Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or miniupnpd and is the successor to miniigd. The server is vulnerable to a heap buffer overflow that is present due to unsafe...

CVE-2021-35393

Concrete details exist for Realtek Jungle SDK vulnerabilities (CVE-2021-35392, -35393, -35394, -35395). Realtek Jungle SDK v2.x–v3.4.14B runs a WiFi Simple Config/UPnP/SSDP server (named wscd or mini_upnpd) and separate management interfaces. Root causes include unsafe handling of submitted param...

CVE-2021-35393

Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or miniupnpd and is the successor to miniigd. The server is vulnerable to a stack buffer overflow vulnerability that is present due ...

PT-2021-3801 · Realtek · Realtek Jungle Sdk

Name of the Vulnerable Software and Affected Versions: Realtek Jungle SDK versions v2.x through v3.4.14B Description: The WiFi Simple Config server in the Realtek Jungle SDK is vulnerable due to unsafe parsing of the UPnP SUBSCRIBE/UNSUBSCRIBE Callback header, leading to a stack buffer overflow...