CVE-2021-35394 PoC — Realtek Jungle SDK 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/javascript/cves/2021/CVE-2021-35394.yaml

Associated Vulnerability

Title:Realtek Jungle SDK 安全漏洞 (CVE-2021-35394)
Description:Realtek Jungle SDK是中国瑞昱半导体（Realtek）公司的提供了一个 HTTP Web 服务器，公开了一个管理接口，可用于配置接入点。 Realtek Jungle SDK 2.x版本至3.4.14B版本存在安全漏洞，该漏洞源于软件提供了一个称为MP Daemon的诊断工具，其通常编译为UDPServer二进制文件。该二进制文件受到多个内存破坏漏洞和任意命令注入漏洞的影响，这些漏洞可被远程未经身份验证的攻击者利用。

Description

The SDK exposes a UDP server that allows remote execution of arbitray commands.

File Snapshot


 id: CVE-2021-35394

info:
  name: RealTek AP Router SDK - Arbitrary Command Injection
  author: king

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!