BDU:2021-04077

Scores

EPSS Score

0.0000

CVSS

3.x 9.8

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

All CVSS Scores

CVSS 4.0

0.0

CVSS 3.x

9.8

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0

10.0

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Description

Уязвимость инструмента для диагностирования MP Daemon средств разработки Realtek SDK связана с выходом операции за границы буфера в памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код

Sources

bdu

Related Vulnerabilities

CVE-2021-35394

Reference Links

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35394

https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf

https://nvd.nist.gov/vuln/detail/CVE-2021-35394

https://www.anti-malware.ru/news/2021-08-16-111332/36688

https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain/

Vulnerable Software

Type: Configuration

Vendor: realtek semiconductor corp.

Product: realtek sdk

Operating System: * *

Trait:

{
  "version_end_excluding": "3.2.3"
}

Source: bdu

Type: Configuration

Vendor: realtek semiconductor corp.

Product: realtek sdk

Operating System: * *

Trait:

{
  "version_end_excluding": "3.4.11E"
}

Source: bdu

Type: Configuration

Vendor: realtek semiconductor corp.

Product: realtek sdk

Operating System: * *

Trait:

{
  "version_end_excluding": "3.4t pre5"
}

Source: bdu

Type: Configuration

Vendor: realtek semiconductor corp.

Product: realtek sdk

Operating System: * *

Trait:

{
  "version_end_excluding": "3.4t pre7"
}

Source: bdu

Type: Configuration

Vendor: realtek semiconductor corp.

Product: realtek “luna” sdk

Operating System: * *

Trait:

{
  "version_end_excluding": "1.3.2a"
}

Source: bdu