CVE Daily

CVE-2021-35392

Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' s...

High CVSS 7.5

Overview

Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a heap buffer overflow that is present due to unsafe crafting of SSDP NOTIFY messages from received M-SEARCH messages ST header.

CWE: CWE-787 Published: 2021-08-16T12:15:07.193
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 7.5 (HIGH)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags