CVE-2021-35392 in Jungle SDK
Summary
by MITRE • 08/16/2021
Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a heap buffer overflow that is present due to unsafe crafting of SSDP NOTIFY messages from received M-SEARCH messages' ST header.
Analysis
by VulDB Data Team • 08/13/2025
CVE-2021-35392 affects Realtek Jungle SDK versions 2.x through 3.4.14B, specifically the WiFi Simple Config server that handles both UPnP and SSDP. This server component, typically named wscd or mini_upnpd, is the successor to miniigd, and the flaw in it is a critical one for embedded networking systems. The vulnerability is a heap buffer overflow that occurs when the server builds SSDP NOTIFY messages from the ST header values of received M-SEARCH messages, creating a potential remote code execution vector for attackers who can manipulate network traffic.
The flaw stems from improper memory management within the SSDP implementation: the server fails to validate or limit the length of strings extracted from the ST (Service Type) header of M-SEARCH messages. When processing these messages, it performs unsafe string operations that do not account for buffer boundaries, so memory is corrupted when a crafted payload exceeds the allocated buffer size. This heap overflow is classified under CWE-121 as a stack-based buffer overflow, though the actual manifestation occurs in heap memory management. The vulnerability is particularly concerning because it operates at the network protocol level, where attackers can craft malicious SSDP messages without requiring authentication or physical access to the device.
The operational impact of this vulnerability extends across numerous embedded devices that use Realtek's Jungle SDK, including routers, wireless access points, and IoT devices that implement UPnP functionality. Attackers can exploit this flaw by sending specially crafted M-SEARCH messages containing oversized ST headers, which trigger the heap buffer overflow when processed by the vulnerable wscd or mini_upnpd service. This vulnerability aligns with ATT&CK technique T1059.007 for command and script interpreter execution, as successful exploitation could lead to arbitrary code execution on the affected device. The remote nature of this attack vector means that adversaries can exploit the vulnerability from outside the local network, making it particularly dangerous for network infrastructure devices that are often exposed to the internet.
Mitigation strategies should focus on immediate firmware updates from device vendors who have patched this vulnerability in their respective implementations. Network administrators should implement firewall rules to restrict SSDP traffic between internal networks and external interfaces, particularly blocking unnecessary UPnP/SSDP traffic. The implementation of network segmentation and monitoring for unusual SSDP traffic patterns can help detect exploitation attempts. Additionally, device manufacturers should adopt secure coding practices that include proper input validation, bounds checking, and memory management techniques to prevent similar vulnerabilities. Organizations should conduct vulnerability assessments to identify all devices running affected Realtek SDK versions and ensure that automatic update mechanisms are enabled where possible. The vulnerability demonstrates the importance of proper protocol implementation in embedded systems and highlights the need for security testing of network services in IoT and networking equipment.