Filtered by vendor Realtek Subscriptions
Total 69 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-40740 1 Realtek 2 Usdk, Xpon Software Development Kit 2024-11-21 7.2 High
Realtek GPON router has insufficient filtering for special characters. A remote attacker authenticated as an administrator can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service.
CVE-2022-34326 1 Realtek 2 Rtl8195am, Rtl8195am Firmware 2024-11-21 7.5 High
In ambiot amb1_sdk (aka SDK for Ameba1) before 2022-06-20 on Realtek RTL8195AM devices before 284241d70308ff2519e40afd7b284ba892c730a3, the timer task and RX task would be locked when there are frequent and continuous Wi-Fi connection (with four-way handshake) failures in Soft AP mode.
CVE-2022-32967 1 Realtek 4 Rtl8111ep-cg, Rtl8111ep-cg Firmware, Rtl8111fp-cg and 1 more 2024-11-21 2.1 Low
RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire partial system information such as serial number and server information.
CVE-2022-32966 1 Realtek 2 Rtl8111fp-cg, Rtl8111fp-cg Firmware 2024-11-21 6.5 Medium
RTL8168FP-CG Dash remote management function has missing authorization. An unauthenticated attacker within the adjacent network can connect to DASH service port to disrupt service.
CVE-2022-29558 1 Realtek 1 Rtl819x Software Development Kit 2024-11-21 8.8 High
Realtek rtl819x-SDK before v3.6.1 allows command injection over the web interface.
CVE-2022-27255 1 Realtek 4 Ecos Msdk, Ecos Msdk Firmware, Ecos Rsdk and 1 more 2024-11-21 9.8 Critical
In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data.
CVE-2022-26529 3 Google, Linux, Realtek 3 Android, Linux Kernel, Bluetooth Mesh Software Development Kit 2024-11-21 6.5 Medium
Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for segmented packets’ link parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service.
CVE-2022-26528 3 Google, Linux, Realtek 3 Android, Linux Kernel, Bluetooth Mesh Software Development Kit 2024-11-21 6.5 Medium
Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the length of segmented packets’ shift parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service.
CVE-2022-26527 3 Google, Linux, Realtek 3 Android, Linux Kernel, Bluetooth Mesh Software Development Kit 2024-11-21 6.5 Medium
Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the size of segmented packets’ reference parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service.
CVE-2022-25635 3 Google, Linux, Realtek 3 Android, Linux Kernel, Bluetooth Mesh Software Development Kit 2024-11-21 6.5 Medium
Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for broadcast network packet length. An unauthenticated attacker in the adjacent network can exploit this vulnerability to disrupt service.
CVE-2022-25480 1 Realtek 3 Rtsper, Rtsper Pcie Card Reader Driver, Rtsuer 2024-11-21 7.8 High
Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows writing to kernel memory beyond the SystemBuffer of the IRP.
CVE-2022-25479 1 Realtek 4 Rtsper, Rtsper Pcie Card Reader Driver, Rtsper Usb Card Reader Driver and 1 more 2024-11-21 6.1 Medium
Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows for the leakage of kernel memory from both the stack and the heap.
CVE-2022-25478 1 Realtek 2 Rtsper, Rtsuer 2024-11-21 7.8 High
Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 provides read and write access to the PCI configuration space of the device.
CVE-2022-25477 1 Realtek 2 Rtsper, Rtsuer 2024-11-21 5.5 Medium
Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 leaks driver logs that contain addresses of kernel mode objects, weakening KASLR.
CVE-2022-21742 1 Realtek 14 Rtl8152b, Rtl8152b Firmware, Rtl8153 and 11 more 2024-11-21 6.2 Medium
Realtek USB driver has a buffer overflow vulnerability due to insufficient parameter length verification in the API function. An unauthenticated LAN attacker can exploit this vulnerability to disrupt services.
CVE-2021-43573 1 Realtek 2 Rtl8195am, Rtl8195am Firmware 2024-11-21 9.8 Critical
A buffer overflow was discovered on Realtek RTL8195AM devices before 2.0.10. It exists in the client code when processing a malformed IE length of HT capability information in the Beacon and Association response frame.
CVE-2021-39306 1 Realtek 2 Rtl8195am, Rtl8195am Firmware 2024-11-21 9.8 Critical
A stack buffer overflow was discovered on Realtek RTL8195AM device before 2.0.10, it exists in the client code when an attacker sends a big size Authentication challenge text in WEP security.
CVE-2021-36925 1 Realtek 1 Rtsupx Usb Utility Driver 2024-11-21 7.8 High
RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve an arbitrary read or write operation from/to physical memory (leading to Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device.
CVE-2021-36924 1 Realtek 1 Rtsupx Usb Utility Driver 2024-11-21 7.8 High
RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve a pool overflow (leading to Escalation of Privileges, Denial of Service, and Code Execution) via a crafted Device IO Control packet to a device.
CVE-2021-36923 1 Realtek 1 Rtsupx Usb Utility Driver 2024-11-21 7.8 High
RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB device privileged IN and OUT instructions (leading to Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device.