Realtek

realtek

73 CVEs • 69 products

Products (69)

Rtsper (rtsper)
Rtsuer (rtsuer)
Realtek Sdk (realtek_sdk)
Ndis (ndis)
Hda Driver (hda_driver)
Usdk (usdk)
Rtk 11n Ap (rtk_11n_ap)
Rtl8711af (rtl8711af)
Rtl8711am (rtl8711am)
Rtl8195am (rtl8195am)
Rtl8710af (rtl8710af)
Rtl8812ar (rtl8812ar)
Rtl8196d (rtl8196d)
Rtl8192er (rtl8192er)
Rtl8881an (rtl8881an)
Rtl8195a (rtl8195a)
Xpon Rtl9601d (xpon_rtl9601d)
Rtl8723de (rtl8723de)
Rtl8710c (rtl8710c)
Rtl8156 (rtl8156)
Rtl8156b (rtl8156b)
Rtl8153 (rtl8153)
Rtl8153b (rtl8153b)
Rtl8154 (rtl8154)
Rtl8154b (rtl8154b)
Rtl8152b (rtl8152b)
Ecos Rsdk (ecos_rsdk)
Ecos Msdk (ecos_msdk)
Rtl8111fp Cg (rtl8111fp-cg)
Rtl8111ep Cg (rtl8111ep-cg)
Rtl8812au (rtl8812au)
Rtl8811au (rtl8811au)

CVEs (73)

Columns: CVE, Vendors, Products, Updated, Published, CVSS

Vendors (1): Realtek
Products (1): Rtl819x Software Development Kit
Updated: Nov 21, 2024
Published: Jul 28, 2022
CVSS: N/A (v4), 8.8 HIGH (v3), N/A (v2)
Realtek rtl819x-SDK before v3.6.1 allows command injection over the web interface.

Vendors (1): Realtek
Products (7): Rtl8152b Firmware, Rtl8153 Firmware, Rtl8153b Firmware, +4 more
Updated: Nov 21, 2024
Published: Jun 20, 2022
CVSS: N/A (v4), 6.5 MEDIUM (v3), 3.3 LOW (v2)
Realtek USB driver has a buffer overflow vulnerability due to insufficient parameter length verification in the API function. An unauthenticated LAN attacker can exploit this vulnerability to disrupt services.

Vendors (1): Realtek
Products (1): Rtl8195am Firmware
Updated: Nov 21, 2024
Published: Dec 22, 2021
CVSS: N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2)
A stack buffer overflow was discovered on Realtek RTL8195AM devices before 2.0.10. It exists in the client code and is triggered when an attacker sends an oversized Authentication challenge text in WEP security.

Vendors (1): Realtek
Products (1): Rtl8195am Firmware
Updated: Nov 21, 2024
Published: Nov 11, 2021
CVSS: N/A (v4), 9.8 CRITICAL (v3), 7.5 HIGH (v2)
A buffer overflow was discovered on Realtek RTL8195AM devices before 2.0.10. It exists in the client code when processing a malformed IE length of HT capability information in the Beacon and Association response frame.

Vendors (1): Realtek
Products (1): Rtsupx Usb Utility Driver
Updated: Nov 21, 2024
Published: Nov 2, 2021
CVSS: N/A (v4), 7.8 HIGH (v3), 7.2 HIGH (v2)
RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve an arbitrary read or write operation from/to physical memory (leading to Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device.

Vendors (1): Realtek
Products (1): Rtsupx Usb Utility Driver
Updated: Nov 21, 2024
Published: Nov 2, 2021
CVSS: N/A (v4), 7.8 HIGH (v3), 7.2 HIGH (v2)
RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve a pool overflow (leading to Escalation of Privileges, Denial of Service, and Code Execution) via a crafted Device IO Control packet to a device.

Vendors (1): Realtek
Products (1): Rtsupx Usb Utility Driver
Updated: Nov 21, 2024
Published: Nov 2, 2021
CVSS: N/A (v4), 7.8 HIGH (v3), 7.2 HIGH (v2)
RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB device privileged IN and OUT instructions (leading to Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device.

Vendors (1): Realtek
Products (1): Rtsupx Usb Utility Driver
Updated: Nov 21, 2024
Published: Nov 2, 2021
CVSS: N/A (v4), 7.8 HIGH (v3), 7.2 HIGH (v2)
RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB devices (Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device.

Vendors (1): Realtek
Products (1): Rtl819x Jungle Software Development Kit
Updated: Nov 7, 2025
Published: Aug 16, 2021
CVSS: N/A (v4), 9.8 CRITICAL (v3), 10.0 HIGH (v2)
Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exist: one based on Go-Ahead named webs and another based on Boa named boa. Both of them are affected by these vulnerabilities. Specifically, these binaries are vulnerable to the following issues:
- stack buffer overflow in formRebootCheck due to unsafe copy of submit-url parameter
- stack buffer overflow in formWsc due to unsafe copy of submit-url parameter
- stack buffer overflow in formWlanMultipleAP due to unsafe copy of submit-url parameter
- stack buffer overflow in formWlSiteSurvey due to unsafe copy of ifname parameter
- stack buffer overflow in formStaticDHCP due to unsafe copy of hostname parameter
- stack buffer overflow in formWsc due to unsafe copy of 'peerPin' parameter
- arbitrary command execution in formSysCmd via the sysCmd parameter
- arbitrary command injection in formWsc via the 'peerPin' parameter
Exploitability of identified issues will differ based on what the end vendor/manufacturer did with the Realtek SDK webserver. Some vendors use it as-is, others add their own authentication implementation, some kept all the features from the server, some remove some of them, some inserted their own set of features. However, given that the Realtek SDK implementation is full of insecure calls and that developers tend to re-use those examples in their custom code, any binary based on the Realtek SDK webserver will probably contain its own set of issues on top of the Realtek ones (if kept). Successful exploitation of these issues allows remote attackers to gain arbitrary code execution on the device.

Vendors (1): Realtek
Products (1): Rtl819x Jungle Software Development Kit
Updated: Nov 7, 2025
Published: Aug 16, 2021
CVSS: N/A (v4), 9.8 CRITICAL (v3), 10.0 HIGH (v2)
Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be exploited by remote unauthenticated attackers.

Vendors (1): Realtek
Products (1): Rtl819x Jungle Software Development Kit
Updated: Aug 13, 2025
Published: Aug 16, 2021
CVSS: N/A (v4), 9.8 CRITICAL (v3), 10.0 HIGH (v2)
Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a stack buffer overflow vulnerability that is present due to unsafe parsing of the UPnP SUBSCRIBE/UNSUBSCRIBE Callback header. Successful exploitation of this vulnerability allows remote unauthenticated attackers to gain arbitrary code execution on the affected device.

Vendors (1): Realtek
Products (1): Rtl819x Jungle Software Development Kit
Updated: Aug 13, 2025
Published: Aug 16, 2021
CVSS: N/A (v4), 7.5 HIGH (v3), 7.8 HIGH (v2)
Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a heap buffer overflow that is present due to unsafe crafting of SSDP NOTIFY messages from received M-SEARCH messages ST header.

Vendors (1): Realtek
Products (1): Hda Driver
Updated: Nov 21, 2024
Published: Jul 7, 2021
CVSS: N/A (v4), 6.5 MEDIUM (v3), 4.9 MEDIUM (v2)
Realtek HDA contains a driver crash vulnerability which allows local attackers to send a special string to the kernel driver from user mode. Due to unexpected commands, the kernel driver will cause the system to crash.

Vendors (1): Realtek
Products (2): Rtl8195a Firmware, Rtl8710c Firmware
Updated: Nov 21, 2024
Published: Jun 4, 2021
CVSS: N/A (v4), 8.0 HIGH (v3), 7.7 HIGH (v2)
A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devices) can lead to remote code execution via the "memcpy" function, when an attacker in Wi-Fi range sends a crafted "Encrypted GTK" value as part of the WPA2 4-way-handshake.

Vendors (1): Realtek
Products (2): Rtl8195a Firmware, Rtl8710c Firmware
Updated: Nov 21, 2024
Published: Jun 4, 2021
CVSS: N/A (v4), 8.0 HIGH (v3), 7.7 HIGH (v2)
A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devices) can lead to remote code execution via the "AES_UnWRAP" function, when an attacker in Wi-Fi range sends a crafted "Encrypted GTK" value as part of the WPA2 4-way-handshake.

Vendors (1): Realtek
Products (1): Rtl8723de Firmware
Updated: Nov 21, 2024
Published: Apr 8, 2021
CVSS: N/A (v4), 7.5 HIGH (v3), 7.8 HIGH (v2)
An issue was discovered in Realtek rtl8723de BLE Stack <= 4.1 that allows remote attackers to cause a Denial of Service via the interval field to the CONNECT_REQ message.

Vendors (1): Realtek
Products (1): Xpon Rtl9601d Software Development Kit
Updated: Nov 21, 2024
Published: Mar 25, 2021
CVSS: N/A (v4), 9.8 CRITICAL (v3), 10.0 HIGH (v2)
Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext, which may allow attackers to gain access to the device with root permissions via the built-in network monitoring tool and execute arbitrary commands.

Vendors (1): Realtek
Products (1): Rtl8195a Firmware
Updated: Nov 21, 2024
Published: Feb 3, 2021
CVSS: N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2)
The function ClientEAPOLKeyRecvd() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker does not need to know the network's PSK.

Vendors (1): Realtek
Products (1): Rtl8195a Firmware
Updated: Nov 21, 2024
Published: Feb 3, 2021
CVSS: N/A (v4), 8.1 HIGH (v3), 6.8 MEDIUM (v2)
The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network's PSK in order to exploit this.

Vendors (1): Realtek
Products (1): Rtl8195a Firmware
Updated: Nov 21, 2024
Published: Feb 3, 2021
CVSS: N/A (v4), 8.1 HIGH (v3), 6.8 MEDIUM (v2)
The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for a memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network's PSK in order to exploit this.