Vulnerability detail

Enriched intelligence for a single CVE

9.8

CVSS
Critical

CVE-2021-35394

PUBLISHED

Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The...

Exploited in the wild Remote Low complexity No user interaction

Vendor: Realtek
Product: Jungle SDK
Published: Aug 16, 2021
EPSS: —

Description

Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be exploited by remote unauthenticated attackers.

cisa nuclei_scanner

CVSS scores

CVSS v3.1 9.8 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0 10.0

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitation status

Exploited in the wild

Recorded 2021-12-10 00:00:00 UTC · Source

SSVC decision points

Exploitation: active
Automatable: Yes
Technical impact: total

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CISA	Dec 10, 2021
CISA	Dec 10, 2021

Scanner integrations

Scanner	Reference	Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/javascript/cves/2021/CVE-2021-35394.yaml	Apr 25, 2025

Timeline

CVE ID Reserved

June 23, 2021
CVE Published to Public

August 16, 2021
Added to KEVIntel

December 10, 2021
Added to KEVIntel

December 10, 2021
Detected by Nuclei

April 25, 2025