PT-2021-3803 · Realtek · Realtek Jungle Sdk

Published: 2021-08-15 · Updated: 2025-08-13 · CVE-2021-35395

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Realtek Jungle SDK versions v2.x through v3.4.14B

Description

The Realtek Jungle SDK provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exist: one based on Go-Ahead named webs and another based on Boa named boa. Both are affected by several issues, including stack buffer overflows in formRebootCheck, formWsc, formWlanMultipleAP, formWlSiteSurvey, formStaticDHCP, and formWsc due to unsafe copies of parameters such as submit-url, ifname, hostname, and peerPin. Additionally, there are arbitrary command execution and injection issues in formSysCmd and formWsc via parameters sysCmd and peerPin. Successful exploitation allows remote attackers to gain arbitrary code execution on the device.

Recommendations

For Realtek Jungle SDK versions v2.x through v3.4.14B, consider disabling the vulnerable functions formRebootCheck, formWsc, formWlanMultipleAP, formWlSiteSurvey, formStaticDHCP, and formWsc until a patch is available. Restrict access to the management interface to minimize the risk of exploitation. Avoid using parameters submit-url, ifname, hostname, and peerPin in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
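
For firmware developers who build on the SDK, the two weakness classes in the description (unbounded copies of request parameters, and a parameter that reaches a command line) can be closed by rejecting over-long values and allow-listing peerPin before use. The following is an added example, not code from the Realtek SDK or from this advisory; the function names, the buffer size and the rule that a WPS PIN is 4 or 8 decimal digits are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define URL_BUF_SIZE 64  /* assumed buffer size, for illustration only */

/* Length of s, scanning at most max bytes; returns max if no NUL was found. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Copy a request parameter into a fixed-size buffer. Returns 0 on success,
 * -1 if the value is missing or too long; callers reject, never truncate. */
int copy_param(char *dst, size_t dst_size, const char *value)
{
    size_t len;
    if (dst == NULL || dst_size == 0 || value == NULL)
        return -1;
    len = bounded_len(value, dst_size);
    if (len >= dst_size)            /* no room left for the terminator */
        return -1;
    memcpy(dst, value, len);
    dst[len] = '\0';
    return 0;
}

/* Allow-list check (assumption): a WPS PIN is 4 or 8 decimal digits only. */
int valid_peer_pin(const char *pin)
{
    size_t i, len;
    if (pin == NULL)
        return 0;
    len = bounded_len(pin, 9);
    if (len != 4 && len != 8)
        return 0;
    for (i = 0; i < len; i++)
        if (!isdigit((unsigned char)pin[i]))
            return 0;
    return 1;
}

/* Hypothetical pre-check for a formWsc-style request: 0 = accept, -1 = reject. */
int check_wsc_request(const char *submit_url, const char *peer_pin)
{
    char url[URL_BUF_SIZE];
    if (copy_param(url, sizeof url, submit_url) != 0)
        return -1;
    return valid_peer_pin(peer_pin) ? 0 : -1;
}
```

A digits-only peerPin addresses both the overflow and the injection path named in the description, because no shell metacharacter and no over-long value passes the check.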

Exploit

Stack Overflow

Weakness Enumeration

Related Identifiers

BDU:2021-04078
CVE-2021-35395

Affected Products

Realtek Jungle Sdk