What is CVE-2021-35395?

CVE-2021-35395 is a buffer overflow vulnerability present in the Realtek AP-Router SDK.

How severe is CVE-2021-35395?

CVE-2021-35395 is classified as a critical vulnerability with a severity score of 9.8 out of 10.

Which software versions are affected by CVE-2021-35395?

Realtek Jungle SDK versions 2.x up to 3.4.14B as well as the Realtek AP-Router SDK are affected by CVE-2021-35395.

What is the Common Weakness Enumeration (CWE) ID for CVE-2021-35395?

CVE-2021-35395 is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-77 (Improper Neutralization of Special Elements used in a Command).

Are there any references available for CVE-2021-35395?

Yes, you can find more information about CVE-2021-35395 in the references provided: [Advisory - Multiple Issues in Realtek SDK IoT Supply Chain](https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain), [Realtek Website - Taiwan](https://www.realtek.com/en/cu-1-en/cu-1-taiwan-en), [Realtek AP-Router SDK Advisory - CVE-2021-35392_35395](https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf).

Vulnerability/
CVE-2021-35395

Exploited

critical

CWE

119 77

16/8/2021

21/11/2024

CVE-2021-35395: Realtek AP-Router SDK Buffer Overflow Vulnerability

First published: Mon Aug 16 2021(Updated: )

Realtek AP-Router SDK HTTP web server boa contains a buffer overflow vulnerability due to unsafe copies of some overly long parameters submitted in the form that lead to denial-of-service (DoS).

Credit: cve@mitre.org cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Realtek Realtek Jungle Sdk	>=2.0<=3.4.14b
Realtek AP-Router SDK
	>=2.0<=3.4.14b

Remedy

https://www.realtek.com/en/cu-1-en/cu-1-taiwan-en

Remedy

https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-35395?
CVE-2021-35395 is a buffer overflow vulnerability present in the Realtek AP-Router SDK.
How severe is CVE-2021-35395?
CVE-2021-35395 is classified as a critical vulnerability with a severity score of 9.8 out of 10.
Which software versions are affected by CVE-2021-35395?
Realtek Jungle SDK versions 2.x up to 3.4.14B as well as the Realtek AP-Router SDK are affected by CVE-2021-35395.
What is the Common Weakness Enumeration (CWE) ID for CVE-2021-35395?
CVE-2021-35395 is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-77 (Improper Neutralization of Special Elements used in a Command).
Are there any references available for CVE-2021-35395?
Yes, you can find more information about CVE-2021-35395 in the references provided: [Advisory - Multiple Issues in Realtek SDK IoT Supply Chain](https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain), [Realtek Website - Taiwan](https://www.realtek.com/en/cu-1-en/cu-1-taiwan-en), [Realtek AP-Router SDK Advisory - CVE-2021-35392_35395](https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf).

collector/nvd-api
collector/nvd-index
agent/author
agent/type
agent/remedy
agent/weakness
agent/softwarecombine
agent/title
agent/severity
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
exploited/true
collector/cisa-known-exploited
source/CISA
agent/software-canonical-lookup
agent/references
agent/description
agent/tags
collector/nvd-cve
source/NVD
vendor/realtek
canonical/realtek realtek jungle sdk
version/realtek realtek jungle sdk/2.0
version/realtek realtek jungle sdk/3.4.14b
canonical/realtek ap-router sdk

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.