CVE-2021-35392

Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a heap buffer overflow that is present due to unsafe crafting of SSDP NOTIFY messages from received M-SEARCH messages ST header.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:realtek:jungle_sdk:*:*:*:*:*:*:*:*

Information

Published : 2021-08-16 05:15

Updated : 2021-08-25 12:04


NVD link : CVE-2021-35392

Mitre link : CVE-2021-35392


JSON object : View

CWE
CWE-787

Out-of-bounds Write

Advertisement

dedicated server usa

Products Affected

realtek

  • jungle_sdk