CVE-2021-35394

Name of the Vulnerable Software and Affected Versions Realtek Jungle SDK versions v2.x through v3.4.14B

Description The Realtek Jungle SDK provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. This binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability. These vulnerabilities can be exploited by remote unauthenticated attackers, potentially allowing them to execute arbitrary code.

Recommendations For Realtek Jungle SDK versions v2.x through v3.4.14B, consider disabling the 'MP Daemon' tool or restricting access to the 'UDPServer' binary until a patch is available. Additionally, restrict access to the vulnerable UDPServer binary to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.