Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a stack buffer overflow vulnerability that is present due to unsafe parsing of the UPnP SUBSCRIBE/UNSUBSCRIBE Callback header. Successful exploitation of this vulnerability allows remote unauthenticated attackers to gain arbitrary code execution on the affected device.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 13 Aug 2025 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Realtek rtl819x Jungle Software Development Kit
CPEs cpe:2.3:a:realtek:realtek_jungle_sdk:*:*:*:*:*:*:*:* cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:*:*:*:*:*:*:*:*
Vendors & Products Realtek realtek Jungle Sdk
Realtek rtl819x Jungle Software Development Kit

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-04T00:33:51.312Z

Reserved: 2021-06-23T00:00:00

Link: CVE-2021-35393

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2021-08-16T12:15:07.230

Modified: 2025-08-13T15:22:43.290

Link: CVE-2021-35393

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.