CVE-2021-35393

Name of the Vulnerable Software and Affected Versions Realtek Jungle SDK versions v2.x through v3.4.14B

Description The WiFi Simple Config server in the Realtek Jungle SDK is vulnerable due to unsafe parsing of the UPnP SUBSCRIBE/UNSUBSCRIBE Callback header, leading to a stack buffer overflow. This allows remote unauthenticated attackers to gain arbitrary code execution on the affected device.

Recommendations For Realtek Jungle SDK versions v2.x through v3.4.14B, consider disabling the wscd or mini upnpd binary until a patch is available to prevent exploitation of the stack buffer overflow vulnerability. Restrict access to the WiFi Simple Config server to minimize the risk of exploitation. Avoid using the UPnP SUBSCRIBE/UNSUBSCRIBE Callback header in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.