// For flags

CVE-2014-8361

Realtek SDK Improper Input Validation Vulnerability

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

Yes
*KEV

Decision

-
*SSVC
Descriptions

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.

El servicio miniigd SOAP en Realtek SDK permite a atacantes remotos ejecutar código arbitrario a través de una solicitud NewInternalClient manipulada.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Realtek SDK. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the miniigd SOAP service. The issue lies in the handling of the NewInternalClient requests due to a failure to sanitize user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges.

Realtek SDK contains an improper input validation vulnerability in the miniigd SOAP service that allows remote attackers to execute malicious code via a crafted NewInternalClient request.

*Credits: Ricky "HeadlessZeke" Lawshae
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-10-20 CVE Reserved
  • 2015-04-24 CVE Published
  • 2023-09-18 Exploited in Wild
  • 2023-10-09 KEV Due Date
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • 2024-10-25 EPSS Updated
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Dlink
Search vendor "Dlink"
Dir-905l Firmware
Search vendor "Dlink" for product "Dir-905l Firmware"
<= 2.05b01
Search vendor "Dlink" for product "Dir-905l Firmware" and version " <= 2.05b01"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-905l
Search vendor "Dlink" for product "Dir-905l"
a1
Search vendor "Dlink" for product "Dir-905l" and version "a1"
-
Safe
Dlink
Search vendor "Dlink"
Dir-905l Firmware
Search vendor "Dlink" for product "Dir-905l Firmware"
<= 2.05b01
Search vendor "Dlink" for product "Dir-905l Firmware" and version " <= 2.05b01"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-905l
Search vendor "Dlink" for product "Dir-905l"
b1
Search vendor "Dlink" for product "Dir-905l" and version "b1"
-
Safe
Dlink
Search vendor "Dlink"
Dir-605l Firmware
Search vendor "Dlink" for product "Dir-605l Firmware"
<= 1.14b06
Search vendor "Dlink" for product "Dir-605l Firmware" and version " <= 1.14b06"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-605l
Search vendor "Dlink" for product "Dir-605l"
a1
Search vendor "Dlink" for product "Dir-605l" and version "a1"
-
Safe
Dlink
Search vendor "Dlink"
Dir-600l Firmware
Search vendor "Dlink" for product "Dir-600l Firmware"
<= 1.15
Search vendor "Dlink" for product "Dir-600l Firmware" and version " <= 1.15"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-600l
Search vendor "Dlink" for product "Dir-600l"
a1
Search vendor "Dlink" for product "Dir-600l" and version "a1"
-
Safe
Dlink
Search vendor "Dlink"
Dir-619l Firmware
Search vendor "Dlink" for product "Dir-619l Firmware"
<= 1.15
Search vendor "Dlink" for product "Dir-619l Firmware" and version " <= 1.15"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-619l
Search vendor "Dlink" for product "Dir-619l"
a1
Search vendor "Dlink" for product "Dir-619l" and version "a1"
-
Safe
Dlink
Search vendor "Dlink"
Dir-809 Firmware
Search vendor "Dlink" for product "Dir-809 Firmware"
<= 1.04b02
Search vendor "Dlink" for product "Dir-809 Firmware" and version " <= 1.04b02"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-809
Search vendor "Dlink" for product "Dir-809"
a1
Search vendor "Dlink" for product "Dir-809" and version "a1"
-
Safe
Dlink
Search vendor "Dlink"
Dir-809 Firmware
Search vendor "Dlink" for product "Dir-809 Firmware"
<= 1.04b02
Search vendor "Dlink" for product "Dir-809 Firmware" and version " <= 1.04b02"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-809
Search vendor "Dlink" for product "Dir-809"
a2
Search vendor "Dlink" for product "Dir-809" and version "a2"
-
Safe
Dlink
Search vendor "Dlink"
Dir-605l Firmware
Search vendor "Dlink" for product "Dir-605l Firmware"
<= 2.07b02
Search vendor "Dlink" for product "Dir-605l Firmware" and version " <= 2.07b02"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-605l
Search vendor "Dlink" for product "Dir-605l"
b1
Search vendor "Dlink" for product "Dir-605l" and version "b1"
-
Safe
Dlink
Search vendor "Dlink"
Dir-605l Firmware
Search vendor "Dlink" for product "Dir-605l Firmware"
<= 3.03b07
Search vendor "Dlink" for product "Dir-605l Firmware" and version " <= 3.03b07"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-605l
Search vendor "Dlink" for product "Dir-605l"
c1
Search vendor "Dlink" for product "Dir-605l" and version "c1"
-
Safe
Dlink
Search vendor "Dlink"
Dir-619l Firmware
Search vendor "Dlink" for product "Dir-619l Firmware"
<= 2.07b02
Search vendor "Dlink" for product "Dir-619l Firmware" and version " <= 2.07b02"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-619l
Search vendor "Dlink" for product "Dir-619l"
b1
Search vendor "Dlink" for product "Dir-619l" and version "b1"
-
Safe
Dlink
Search vendor "Dlink"
Dir-600l Firmware
Search vendor "Dlink" for product "Dir-600l Firmware"
<= 2.056b06
Search vendor "Dlink" for product "Dir-600l Firmware" and version " <= 2.056b06"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-600l
Search vendor "Dlink" for product "Dir-600l"
b1
Search vendor "Dlink" for product "Dir-600l" and version "b1"
-
Safe
Dlink
Search vendor "Dlink"
Dir-501 Firmware
Search vendor "Dlink" for product "Dir-501 Firmware"
<= 1.01b04
Search vendor "Dlink" for product "Dir-501 Firmware" and version " <= 1.01b04"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-501
Search vendor "Dlink" for product "Dir-501"
a1
Search vendor "Dlink" for product "Dir-501" and version "a1"
-
Safe
Dlink
Search vendor "Dlink"
Dir-515 Firmware
Search vendor "Dlink" for product "Dir-515 Firmware"
<= 1.01b04
Search vendor "Dlink" for product "Dir-515 Firmware" and version " <= 1.01b04"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-515
Search vendor "Dlink" for product "Dir-515"
a1
Search vendor "Dlink" for product "Dir-515" and version "a1"
-
Safe
Dlink
Search vendor "Dlink"
Dir-615 Firmware
Search vendor "Dlink" for product "Dir-615 Firmware"
10.01b02
Search vendor "Dlink" for product "Dir-615 Firmware" and version "10.01b02"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-615
Search vendor "Dlink" for product "Dir-615"
j1
Search vendor "Dlink" for product "Dir-615" and version "j1"
-
Safe
Dlink
Search vendor "Dlink"
Dir-615 Firmware
Search vendor "Dlink" for product "Dir-615 Firmware"
<= 6.06b03
Search vendor "Dlink" for product "Dir-615 Firmware" and version " <= 6.06b03"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-615
Search vendor "Dlink" for product "Dir-615"
fx
Search vendor "Dlink" for product "Dir-615" and version "fx"
-
Safe
Dlink
Search vendor "Dlink"
Dir-615 Firmware
Search vendor "Dlink" for product "Dir-615 Firmware"
10.01b02
Search vendor "Dlink" for product "Dir-615 Firmware" and version "10.01b02"
-
Affected
in Dlink
Search vendor "Dlink"
Dir-615
Search vendor "Dlink" for product "Dir-615"
fx
Search vendor "Dlink" for product "Dir-615" and version "fx"
-
Safe
Aterm
Search vendor "Aterm"
Wg1900hp2 Firmware
Search vendor "Aterm" for product "Wg1900hp2 Firmware"
<= 1.3.1
Search vendor "Aterm" for product "Wg1900hp2 Firmware" and version " <= 1.3.1"
-
Affected
in Aterm
Search vendor "Aterm"
Wg1900hp2
Search vendor "Aterm" for product "Wg1900hp2"
--
Safe
Aterm
Search vendor "Aterm"
Wg1900hp Firmware
Search vendor "Aterm" for product "Wg1900hp Firmware"
<= 2.5.1
Search vendor "Aterm" for product "Wg1900hp Firmware" and version " <= 2.5.1"
-
Affected
in Aterm
Search vendor "Aterm"
Wg1900hp
Search vendor "Aterm" for product "Wg1900hp"
--
Safe
Aterm
Search vendor "Aterm"
Wg1800hp4 Firmware
Search vendor "Aterm" for product "Wg1800hp4 Firmware"
<= 1.3.1
Search vendor "Aterm" for product "Wg1800hp4 Firmware" and version " <= 1.3.1"
-
Affected
in Aterm
Search vendor "Aterm"
Wg1800hp4
Search vendor "Aterm" for product "Wg1800hp4"
--
Safe
Aterm
Search vendor "Aterm"
Wg1800hp3 Firmware
Search vendor "Aterm" for product "Wg1800hp3 Firmware"
<= 1.5.1
Search vendor "Aterm" for product "Wg1800hp3 Firmware" and version " <= 1.5.1"
-
Affected
in Aterm
Search vendor "Aterm"
Wg1800hp3
Search vendor "Aterm" for product "Wg1800hp3"
--
Safe
Aterm
Search vendor "Aterm"
Wg1200hs2 Firmware
Search vendor "Aterm" for product "Wg1200hs2 Firmware"
<= 2.5.0
Search vendor "Aterm" for product "Wg1200hs2 Firmware" and version " <= 2.5.0"
-
Affected
in Aterm
Search vendor "Aterm"
Wg1200hs2
Search vendor "Aterm" for product "Wg1200hs2"
--
Safe
Aterm
Search vendor "Aterm"
Wg1200hp3 Firmware
Search vendor "Aterm" for product "Wg1200hp3 Firmware"
<= 1.3.1
Search vendor "Aterm" for product "Wg1200hp3 Firmware" and version " <= 1.3.1"
-
Affected
in Aterm
Search vendor "Aterm"
Wg1200hp3
Search vendor "Aterm" for product "Wg1200hp3"
--
Safe
Aterm
Search vendor "Aterm"
Wg1200hp2 Firmware
Search vendor "Aterm" for product "Wg1200hp2 Firmware"
<= 2.5.0
Search vendor "Aterm" for product "Wg1200hp2 Firmware" and version " <= 2.5.0"
-
Affected
in Aterm
Search vendor "Aterm"
Wg1200hp2
Search vendor "Aterm" for product "Wg1200hp2"
--
Safe
Aterm
Search vendor "Aterm"
W1200ex Firmware
Search vendor "Aterm" for product "W1200ex Firmware"
<= 1.3.1
Search vendor "Aterm" for product "W1200ex Firmware" and version " <= 1.3.1"
-
Affected
in Aterm
Search vendor "Aterm"
W1200ex
Search vendor "Aterm" for product "W1200ex"
--
Safe
Aterm
Search vendor "Aterm"
W1200ex-ms Firmware
Search vendor "Aterm" for product "W1200ex-ms Firmware"
<= 1.3.1
Search vendor "Aterm" for product "W1200ex-ms Firmware" and version " <= 1.3.1"
-
Affected
in Aterm
Search vendor "Aterm"
W1200ex-ms
Search vendor "Aterm" for product "W1200ex-ms"
--
Safe
Aterm
Search vendor "Aterm"
Wg1200hs Firmware
Search vendor "Aterm" for product "Wg1200hs Firmware"
*-
Affected
in Aterm
Search vendor "Aterm"
Wg1200hs
Search vendor "Aterm" for product "Wg1200hs"
--
Safe
Aterm
Search vendor "Aterm"
Wg1200hp Firmware
Search vendor "Aterm" for product "Wg1200hp Firmware"
*-
Affected
in Aterm
Search vendor "Aterm"
Wg1200hp
Search vendor "Aterm" for product "Wg1200hp"
--
Safe
Aterm
Search vendor "Aterm"
Wf800hp Firmware
Search vendor "Aterm" for product "Wf800hp Firmware"
*-
Affected
in Aterm
Search vendor "Aterm"
Wf800hp
Search vendor "Aterm" for product "Wf800hp"
--
Safe
Aterm
Search vendor "Aterm"
Wf300hp2 Firmware
Search vendor "Aterm" for product "Wf300hp2 Firmware"
*-
Affected
in Aterm
Search vendor "Aterm"
Wf300hp2
Search vendor "Aterm" for product "Wf300hp2"
--
Safe
Aterm
Search vendor "Aterm"
Wr8165n Firmware
Search vendor "Aterm" for product "Wr8165n Firmware"
*-
Affected
in Aterm
Search vendor "Aterm"
Wr8165n
Search vendor "Aterm" for product "Wr8165n"
--
Safe
Aterm
Search vendor "Aterm"
W500p Firmware
Search vendor "Aterm" for product "W500p Firmware"
*-
Affected
in Aterm
Search vendor "Aterm"
W500p
Search vendor "Aterm" for product "W500p"
--
Safe
Aterm
Search vendor "Aterm"
W300p Firmware
Search vendor "Aterm" for product "W300p Firmware"
*-
Affected
in Aterm
Search vendor "Aterm"
W300p
Search vendor "Aterm" for product "W300p"
--
Safe
Realtek
Search vendor "Realtek"
Realtek Sdk
Search vendor "Realtek" for product "Realtek Sdk"
--
Affected