Vulnerability — CVE-2021-35394

CVE-2021-35394

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2021-35394
Description:: Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be exploited by remote unauthenticated attackers.
Last updated date:: 08/26/2021

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 08/24/2021
Reference url to background: https://blogs.juniper.net/en-us/threat-research/realtek-cve-2021-35394-exploited-in-the-wild

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 12/10/2021
Reference url to background: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Type:: exploit
Confidence:: HIGH
Date of publishing:: 08/26/2021
Reference url to background: https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain