8 matches found
Cacti, Realtek, and IBM Aspera Faspex Vulnerabilities Under Active Exploitation
Critical security flaws in Cacti, Realtek, and IBM Aspera Faspex are being exploited by various threat actors in hacks targeting unpatched systems. This entails the abuse of CVE-2022-46169 CVSS score: 9.8 and CVE-2021-35394 CVSS score: 9.8 to deliver MooBot and ShellBot aka PerlBot, Fortinet...
Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices
Researchers are warning about a spike in exploitation attempts weaponizing a now-patched critical remote code execution flaw in Realtek Jungle SDK since the start of August 2022. According to Palo Alto Networks Unit 42, the ongoing campaign is said to have recorded 134 million exploit attempts as...
Realtek Jungle SDK Command Injection (CVE-2021-35394)
A command injection vulnerability exists in Realtek Jungle SDK. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
VulnCheck KEV: CVE-2021-35394
RealTek Jungle SDK contains multiple memory corruption vulnerabilities which can allow an attacker to perform remote code execution...
Multiple Flaws Affecting Realtek Wi-Fi SDKs Impact Nearly a Million IoT Devices
Taiwanese chip designer Realtek is warning of four security vulnerabilities in three software development kits SDKs accompanying its WiFi modules, which are used in almost 200 IoT devices made by at least 65 vendors. The flaws, which affect Realtek SDK v2.x, Realtek "Jungle" SDK...
CVE-2021-35394
creationtimestamp| type| source ---|---|--- 2021-08-16 16:14:35+00:00| seen| https://t.me/cibsecurity/27375 2021-08-17 19:18:26+00:00| seen| https://t.me/NeKaspersky/1142 2021-08-18 16:31:58+00:00| seen| https://t.me/sysodmins/12727 2021-09-01 11:53:46+00:00| published-proof-of-concept|...
CVE-2021-35394
Realtek Jungle SDK vulnerable versions are 2.x up to 3.4.14B. The CVE-2021-35394 issue involves the UDPServer/MP Daemon (management interface) suffering multiple memory corruption flaws and an arbitrary command injection, enabling remote unauthenticated code execution. Related connected documents...
CVE-2021-35394
Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be exploited by remote...