Multiple Issues in Realtek SDK Affects Hundreds of Thousands of Devices Down the #Supply Chain : At least 65 vendors affected by severe vulnerabilities that enable unauthenticated attackers to fully compromise the target device and execute arbitrary code with the highest level of privilege. #Realtek chipsets are found in many embedded #devices in the IoT space. RTL8xxx SoCs – which provide #wireless capabilities – are very common.

• CVE-2021-35392 (#WiFi Simple Config’ stack buffer overflow via UPnP)
• CVE-2021-35393 (WiFi Simple Config’ heap buffer overflow via SSDP)
• CVE-2021-35394 (MP Daemon diagnostic tool command injection)
• CVE-2021-35395 (management web interface multiple vulnerabilities #vuln #informatique

https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain/