APP: Realtek Jungle SDK Command Injection
This signature detects attempts to exploit a known vulnerability against Realtek Jungle SDK. A successful attack can lead to command injection and arbitrary code execution.
Extended Description
Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be exploited by remote unauthenticated attackers.
Affected Products
Realtek jungle_sdk
Short Name
APP:MISC:REALTEK-JUNGLE-SDK-CI
Severity
Major
Recommended
True
Recommended Action
Drop
Category
APP
Keywords
CVE-2021-35394 Command Injection Jungle Realtek SDK
Release Date
08/26/2021
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3801
Port
UDP/9034
False Positive
Unknown
Vendors
Realtek
CVSS Score
10.0