Realtek Realtek

  1. Vendors
  2. Realtek

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Realtek product.

RSS Feeds for Realtek security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Realtek products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Realtek Sorted by Most Security Vulnerabilities since 2018

Realtek Rtl819x Jungle Software Development Kit23 vulnerabilities

Realtek Rtl819x Software Development Kit21 vulnerabilities

Realtek Rtsupx Usb Utility Driver4 vulnerabilities

Realtek Rtsuer4 vulnerabilities

Realtek Rtsper4 vulnerabilities

Realtek Jungle Sdk3 vulnerabilities

Realtek Jungle Sdk2 vulnerabilities

Realtek Sdk2 vulnerabilities

Realtek Rtl8762e Software Development Kit2 vulnerabilities

Realtek Rtl8195am Firmware1 vulnerability

Realtek Xpon Software Development Kit1 vulnerability

Realtek Usdk1 vulnerability

Realtek Rtl8812au Firmware1 vulnerability

Realtek Ameba Arduino Sdk1 vulnerability

Realtek Sdk Firmware1 vulnerability

Realtek Media Player1 vulnerability

Realtek Ndis1 vulnerability

Realtek Hda Driver1 vulnerability

Realtek Ameba Rtos D1 vulnerability

Known Exploited Realtek Vulnerabilities

The following Realtek vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Realtek SDK Improper Input Validation Vulnerability Realtek SDK contains an improper input validation vulnerability in the miniigd SOAP service that allows remote attackers to execute malicious code via a crafted NewInternalClient request.
CVE-2014-8361 Exploit Probability: 94.0% 		September 18, 2023
Realtek Jungle SDK Remote Code Execution Vulnerability RealTek Jungle SDK contains multiple memory corruption vulnerabilities which can allow an attacker to perform remote code execution.
CVE-2021-35394 Exploit Probability: 94.2% 		December 10, 2021
Realtek SDK Arbitrary Code Execution Realtek Jungle SDK version v2.x up to v3.4.14B arbitrary code execution.
CVE-2021-35395 Exploit Probability: 93.7% 		November 3, 2021

Of the known exploited vulnerabilities above, 3 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings.

By the Year

In 2026 there have been 2 vulnerabilities in Realtek with an average score of 7.8 out of ten. Last year, in 2025 Realtek had 3 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Realtek in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 2.40.




Year Vulnerabilities Average Score
2026 2 7.80
2025 3 5.40
2024 25 7.28
2023 2 7.35
2022 2 8.15
2021 9 8.29
2020 2 7.55

It may take a day or so for new Realtek vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Realtek Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2019-25345 Feb 12, 2026
Realtek IIS Codec Service 6.4.10041.133 Unquoted Path RCE Realtek IIS Codec Service 6.4.10041.133 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service configuration to inject malicious executables and escalate privileges on the system.
CVE-2020-36974 Jan 27, 2026
Realtek Andrea RT Filters 1.0.64.7 Unquoted Service Path LPE Realtek Andrea RT Filters 1.0.64.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in 'C:\Program Files\IDT\WDM\AESTSr64.exe' to inject malicious code that would execute during service startup or system reboot.
Realtek Sdk Firmware
CVE-2025-44526 Jul 09, 2025
Realtek RTL8762E SDK v1.4.0 BLE DoS via LL_Length_Req Realtek RTL8762EKF-EVB RTL8762E SDK V1.4.0 was discovered to utilize insufficient permission checks on critical fields within Bluetooth Low Energy (BLE) data packets. This issue allows attackers to cause a Denial of Service (DoS) via a crafted LL_Length_Req packet.
Rtl8762e Software Development Kit
CVE-2025-49604 Jul 09, 2025
Realtek AmebaD heap overflow in WLAN defrag (<3.1.9) For Realtek AmebaD devices, a heap-based buffer overflow was discovered in Ameba-AIoT ameba-arduino-d before version 3.1.9 and ameba-rtos-d before commit c2bfd8216a1cbc19ad2ab5f48f372ecea756d67a on 2025/07/03. In the WLAN driver defragment function, lack of validation of the size of fragmented Wi-Fi frames may lead to a heap-based buffer overflow.
Ameba Arduino Sdk
Ameba Rtos D
CVE-2025-44531 Jun 24, 2025
DoS via Crafted Bluetooth Pairing Key in Realtek RTL8762EKF-EVB SDK v1.4.0 An issue in Realtek RTL8762EKF-EVB RTL8762E SDK v1.4.0 allows attackers to cause a Denial of Service (DoS) via sending a crafted before a pairing public key is received during a Bluetooth connection attempt.
Rtl8762e Software Development Kit
CVE-2024-48290 Nov 07, 2024
Realtek RTL8762E BLE SDK v1.4.0 DoS via ll_terminate_ind - November 2024 An issue in the Bluetooth Low Energy implementation of Realtek RTL8762E BLE SDK v1.4.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ll_terminate_ind packet.
Realtek Sdk
CVE-2023-50381 Jul 08, 2024
Realtek rtl819x Jungle SDK v3.4.11 Boa formWsc OS Command Injection Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command injection is related to the `targetAPSsid` request's parameter.
Rtl819x Jungle Software Development Kit
Rtl819x Software Development Kit
CVE-2023-46685 Jul 08, 2024
LevelOne WBR-6013 Hard-Coded Password in telnetd Allows Remote Code Execution A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A set of specially crafted network packets can lead to arbitrary command execution.
Rtl819x Software Development Kit
CVE-2023-50330 Jul 08, 2024
Realtek RTL819X Jungle SDK v3.4.11 getInfo Buffer Overflow RCE A stack-based buffer overflow vulnerability exists in the boa getInfo functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability.
Rtl819x Jungle Software Development Kit
Rtl819x Software Development Kit
CVE-2023-50244 Jul 08, 2024
Realtek RTL819X Jungle SDK v3.4.11 Stack-Based Buffer Overflow (entry_name) Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `entry_name` request's parameter.
Rtl819x Jungle Software Development Kit
Rtl819x Software Development Kit
CVE-2023-50243 Jul 08, 2024
Realtek rtl819x Jungle SDK v3.4.11 Boa IpQoS Buffer Overflow CVE-2023-50243 Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `comment` request's parameter.
Rtl819x Jungle Software Development Kit
Rtl819x Software Development Kit
CVE-2023-50240 Jul 08, 2024
Buffer Overflow in Realtek rtl819x Jungle SDK v3.4.11 Boa set_RadvdInterfaceParam Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `AdvDefaultPreference` request's parameter.
Rtl819x Jungle Software Development Kit
Rtl819x Software Development Kit
CVE-2023-49073 Jul 08, 2024
Realtek RTL819X Jungle SDK v3.4.11: Stack Buffer Overflow in boa formFilter A stack-based buffer overflow vulnerability exists in the boa formFilter functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.
Rtl819x Jungle Software Development Kit
Rtl819x Software Development Kit
CVE-2023-48270 Jul 08, 2024
Boa formDnsv6 Buffer Overflow in Realtek RTL819x Jungle SDK 3.4.11 A stack-based buffer overflow vulnerability exists in the boa formDnsv6 functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.
Rtl819x Jungle Software Development Kit
Rtl819x Software Development Kit
CVE-2023-47856 Jul 08, 2024
Stack Buffer Overflow in Realtek rtl819x SDK v3.4.11 Boa set_RadvdPrefixParam A stack-based buffer overflow vulnerability exists in the boa set_RadvdPrefixParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
Rtl819x Jungle Software Development Kit
Rtl819x Software Development Kit
CVE-2023-47677 Jul 08, 2024
Realtek rtl819x Jungle SDK v3.4.11 CSRF vulnerability A cross-site request forgery (csrf) vulnerability exists in the boa CSRF protection functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network request can lead to CSRF. An attacker can send an HTTP request to trigger this vulnerability.
Rtl819x Jungle Software Development Kit
Rtl819x Software Development Kit
CVE-2023-45742 Jul 08, 2024
Int Overflow in Realtek rtl819x Jungle SDK v3.4.11 updateConfigIntoFlash ACEx An integer overflow vulnerability exists in the boa updateConfigIntoFlash functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.
Rtl819x Jungle Software Development Kit
Rtl819x Software Development Kit
CVE-2023-45215 Jul 08, 2024
Realtek rtl819x Jungle SDK v3.4.11: stack buf ovf in boa setRepeaterSsid A stack-based buffer overflow vulnerability exists in the boa setRepeaterSsid functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.
Rtl819x Jungle Software Development Kit
Rtl819x Software Development Kit
CVE-2023-41251 Jul 08, 2024
Realtek rtl819x SDK v3.4.11 Boa formRoute Stack Buffer Overflow A stack-based buffer overflow vulnerability exists in the boa formRoute functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.
Rtl819x Jungle Software Development Kit
Rtl819x Software Development Kit
CVE-2023-34435 Jul 08, 2024
Realtek rtl819x Jungle SDK v3.4.11 firmware arbitrary update via Boa formUpload A firmware update vulnerability exists in the boa formUpload functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network packets can lead to arbitrary firmware update. An attacker can provide a malicious file to trigger this vulnerability.
Rtl819x Jungle Software Development Kit
Rtl819x Software Development Kit
CVE-2023-50383 Jul 08, 2024
Realtek rtl819x Jungle SDK v3.4.11 os Command Injection via localPin Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command injection is related to the `localPin` request's parameter.
Rtl819x Jungle Software Development Kit
Rtl819x Software Development Kit
CVE-2024-21778 Jul 08, 2024
Heap Overflow in rtl819x Jungle SDK v3.4.11 MIB Init Array Allows Arbitrary Code Exec A heap-based buffer overflow vulnerability exists in the configuration file mib_init_value_array functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted .dat file can lead to arbitrary code execution. An attacker can upload a malicious file to trigger this vulnerability.
Rtl819x Jungle Software Development Kit
Rtl819x Software Development Kit
CVE-2023-49595 Jul 08, 2024
Stack Buffer Overflow in Realtek rtl819x Jungle SDK 3.4.11 Rollback Control Code A stack-based buffer overflow vulnerability exists in the boa rollback_control_code functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.
Rtl819x Jungle Software Development Kit
Rtl819x Software Development Kit
CVE-2023-49867 Jul 08, 2024
Realtek rtl819x Jungle SDK v3.4.11 Buffer Overflow RCE via boa formWsc A stack-based buffer overflow vulnerability exists in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability.
Rtl819x Jungle Software Development Kit
Rtl819x Software Development Kit
CVE-2023-50239 Jul 08, 2024
Realtek RTL819x Jungle SDK v3.4.11 Buffer Overflow in Boa set_RadvdInterfaceParam Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `interfacename` request's parameter.
Rtl819x Jungle Software Development Kit
Rtl819x Software Development Kit
CVE-2023-50382 Jul 08, 2024
Realtek rtl819x Jungle SDK 3.4.11 OS Command Injection via formWsc peerPin Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command injection is related to the `peerPin` request's parameter.
Rtl819x Jungle Software Development Kit
Rtl819x Software Development Kit
CVE-2022-25477 Jul 02, 2024
Log Leak Weakens KASLR in Realtek RtsPer.sys & RtsUer.sys <10.0.22000.21355/31274 Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 leaks driver logs that contain addresses of kernel mode objects, weakening KASLR.
Rtsper
Rtsuer
CVE-2022-25478 Jul 02, 2024
Realtek RtsPer/RtsUer PCI Config Access R/W before 10.0.22000.21355/31274 Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 provides read and write access to the PCI configuration space of the device.
Rtsper
Rtsuer
CVE-2022-25479 Jul 02, 2024
Realtek RtsPer.sys/RtsUer.sys Mem Leak (10.0.22000.21355 / 10.0.22000.31274) Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows for the leakage of kernel memory from both the stack and the heap.
Rtsper
Rtsuer
CVE-2022-25480 Jul 02, 2024
Windows: RtsPer.sys/RtsUer.sys write beyond SystemBuffer 10.0.22000.31274 Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows writing to kernel memory beyond the SystemBuffer of the IRP.
Rtsper
Rtsuer
CVE-2020-26652 Aug 22, 2023
DoS via nl80211_send_chandef in Realtek rtl8812au v5.6.4.2 An issue was discovered in function nl80211_send_chandef in rtl8812au v5.6.4.2 allows attackers to cause a denial of service.
Rtl8812au Firmware
CVE-2022-40740 Jan 03, 2023
Realtek GPON Router Command Injection via Unfiltered Special Characters Realtek GPON router has insufficient filtering for special characters. A remote attacker authenticated as an administrator can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service.
Xpon Software Development Kit
Usdk
CVE-2022-34326 Sep 27, 2022
ambiot amb1_sdk Timer/RX Task Lock in Soft AP Wi-Fi Handshake Failures In ambiot amb1_sdk (aka SDK for Ameba1) before 2022-06-20 on Realtek RTL8195AM devices before 284241d70308ff2519e40afd7b284ba892c730a3, the timer task and RX task would be locked when there are frequent and continuous Wi-Fi connection (with four-way handshake) failures in Soft AP mode.
Rtl8195am Firmware
CVE-2022-29558 Jul 28, 2022
Realtek RTL819xSDK <3.6.1 Command Injection via Web Interface Realtek rtl819x-SDK before v3.6.1 allows command injection over the web interface.
Rtl819x Software Development Kit
CVE-2021-36925 Nov 02, 2021
RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve an arbitrary read or write operation from/to physical memory (leading to Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device.
Rtsupx Usb Utility Driver
CVE-2021-36924 Nov 02, 2021
RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve a pool overflow (leading to Escalation of Privileges, Denial of Service, and Code Execution) via a crafted Device IO Control packet to a device.
Rtsupx Usb Utility Driver
CVE-2021-36923 Nov 02, 2021
RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB device privileged IN and OUT instructions (leading to Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device.
Rtsupx Usb Utility Driver
CVE-2021-36922 Nov 02, 2021
RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB devices (Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device.
Rtsupx Usb Utility Driver
CVE-2021-35395 Aug 16, 2021
Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exists: one based on Go-Ahead named webs and another based on Boa named boa. Both of them are affected by these vulnerabilities. Specifically, these binaries are vulnerable to the following issues: - stack buffer overflow in formRebootCheck due to unsafe copy of submit-url parameter - stack buffer overflow in formWsc due to unsafe copy of submit-url parameter - stack buffer overflow in formWlanMultipleAP due to unsafe copy of submit-url parameter - stack buffer overflow in formWlSiteSurvey due to unsafe copy of ifname parameter - stack buffer overflow in formStaticDHCP due to unsafe copy of hostname parameter - stack buffer overflow in formWsc due to unsafe copy of 'peerPin' parameter - arbitrary command execution in formSysCmd via the sysCmd parameter - arbitrary command injection in formWsc via the 'peerPin' parameter Exploitability of identified issues will differ based on what the end vendor/manufacturer did with the Realtek SDK webserver. Some vendors use it as-is, others add their own authentication implementation, some kept all the features from the server, some remove some of them, some inserted their own set of features. However, given that Realtek SDK implementation is full of insecure calls and that developers tends to re-use those examples in their custom code, any binary based on Realtek SDK webserver will probably contains its own set of issues on top of the Realtek ones (if kept). Successful exploitation of these issues allows remote attackers to gain arbitrary code execution on the device.
Realtek Jungle Sdk
Rtl819x Jungle Software Development Kit
CVE-2021-35392 Aug 16, 2021
Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a heap buffer overflow that is present due to unsafe crafting of SSDP NOTIFY messages from received M-SEARCH messages ST header.
Jungle Sdk
Rtl819x Jungle Software Development Kit
CVE-2021-35394 Aug 16, 2021
Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be exploited by remote unauthenticated attackers.
Realtek Jungle Sdk
Jungle Sdk
Rtl819x Jungle Software Development Kit
And others...
CVE-2021-35393 Aug 16, 2021
Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or mini_upnpd and is the successor to miniigd. The server is vulnerable to a stack buffer overflow vulnerability that is present due to unsafe parsing of the UPnP SUBSCRIBE/UNSUBSCRIBE Callback header. Successful exploitation of this vulnerability allows remote unauthenticated attackers to gain arbitrary code execution on the affected device.
Realtek Jungle Sdk
Rtl819x Jungle Software Development Kit
CVE-2021-32537 Jul 07, 2021
Realtek HAD contains a driver crashed vulnerability which Realtek HAD contains a driver crashed vulnerability which allows local side attackers to send a special string to the kernel driver in a userâs mode. Due to unexpected commands, the kernel driver will cause the system crashed.
Hda Driver
CVE-2020-12773 Jun 08, 2020
A security misconfiguration vulnerability exists in the SDK of some Realtek ADSL/PON Modem SoC firmware, which A security misconfiguration vulnerability exists in the SDK of some Realtek ADSL/PON Modem SoC firmware, which allows attackers using a default password to execute arbitrary commands remotely via the build-in network monitoring tool.
CVE-2019-11867 Feb 12, 2020
Realtek NDIS driver rt640x64.sys, file version 10.1.505.2015, fails to do any size checking on an input buffer Realtek NDIS driver rt640x64.sys, file version 10.1.505.2015, fails to do any size checking on an input buffer from user space, which the driver assumes has a size greater than zero bytes. To exploit this vulnerability, an attacker must send an IRP with a system buffer size of 0.
Ndis
CVE-2014-8361 May 01, 2015
The miniigd SOAP service in Realtek SDK The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.
Realtek Sdk
CVE-2008-5664 Dec 19, 2008
Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound Manager, RtlRack, or rtlrack.exe) 1.15.0.0 Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound Manager, RtlRack, or rtlrack.exe) 1.15.0.0 allows remote attackers to execute arbitrary code via a crafted playlist (PLA) file.
Realtek Media Player
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.