CVE-2014-8361
Realtek SDK Improper Input Validation Vulnerability
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
Yes
*KEV
Decision
-
*SSVC
Descriptions
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.
El servicio miniigd SOAP en Realtek SDK permite a atacantes remotos ejecutar código arbitrario a través de una solicitud NewInternalClient manipulada.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Realtek SDK. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the miniigd SOAP service. The issue lies in the handling of the NewInternalClient requests due to a failure to sanitize user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges.
Realtek SDK contains an improper input validation vulnerability in the miniigd SOAP service that allows remote attackers to execute malicious code via a crafted NewInternalClient request.
*Credits:
Ricky "HeadlessZeke" Lawshae
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-10-20 CVE Reserved
- 2015-04-24 CVE Published
- 2023-09-18 Exploited in Wild
- 2023-10-09 KEV Due Date
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2024-10-25 EPSS Updated
CWE
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://jvn.jp/en/jp/JVN47580234/index.html | Third Party Advisory | |
| http://jvn.jp/en/jp/JVN67456944/index.html | Third Party Advisory | |
| http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html | Third Party Advisory |
|
| http://www.securityfocus.com/bid/74330 | Broken Link | |
| http://www.zerodayinitiative.com/advisories/ZDI-15-155 | Third Party Advisory |
|
| https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos | Third Party Advisory | |
| https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055 | Third Party Advisory | |
| http://www.s3cur1ty.de/m1adv2013-020 |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/37169 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055 | 2024-06-27 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Dlink Search vendor "Dlink" | Dir-905l Firmware Search vendor "Dlink" for product "Dir-905l Firmware" | <= 2.05b01 Search vendor "Dlink" for product "Dir-905l Firmware" and version " <= 2.05b01" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-905l Search vendor "Dlink" for product "Dir-905l" | a1 Search vendor "Dlink" for product "Dir-905l" and version "a1" | - |
Safe
|
| Dlink Search vendor "Dlink" | Dir-905l Firmware Search vendor "Dlink" for product "Dir-905l Firmware" | <= 2.05b01 Search vendor "Dlink" for product "Dir-905l Firmware" and version " <= 2.05b01" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-905l Search vendor "Dlink" for product "Dir-905l" | b1 Search vendor "Dlink" for product "Dir-905l" and version "b1" | - |
Safe
|
| Dlink Search vendor "Dlink" | Dir-605l Firmware Search vendor "Dlink" for product "Dir-605l Firmware" | <= 1.14b06 Search vendor "Dlink" for product "Dir-605l Firmware" and version " <= 1.14b06" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-605l Search vendor "Dlink" for product "Dir-605l" | a1 Search vendor "Dlink" for product "Dir-605l" and version "a1" | - |
Safe
|
| Dlink Search vendor "Dlink" | Dir-600l Firmware Search vendor "Dlink" for product "Dir-600l Firmware" | <= 1.15 Search vendor "Dlink" for product "Dir-600l Firmware" and version " <= 1.15" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-600l Search vendor "Dlink" for product "Dir-600l" | a1 Search vendor "Dlink" for product "Dir-600l" and version "a1" | - |
Safe
|
| Dlink Search vendor "Dlink" | Dir-619l Firmware Search vendor "Dlink" for product "Dir-619l Firmware" | <= 1.15 Search vendor "Dlink" for product "Dir-619l Firmware" and version " <= 1.15" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-619l Search vendor "Dlink" for product "Dir-619l" | a1 Search vendor "Dlink" for product "Dir-619l" and version "a1" | - |
Safe
|
| Dlink Search vendor "Dlink" | Dir-809 Firmware Search vendor "Dlink" for product "Dir-809 Firmware" | <= 1.04b02 Search vendor "Dlink" for product "Dir-809 Firmware" and version " <= 1.04b02" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-809 Search vendor "Dlink" for product "Dir-809" | a1 Search vendor "Dlink" for product "Dir-809" and version "a1" | - |
Safe
|
| Dlink Search vendor "Dlink" | Dir-809 Firmware Search vendor "Dlink" for product "Dir-809 Firmware" | <= 1.04b02 Search vendor "Dlink" for product "Dir-809 Firmware" and version " <= 1.04b02" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-809 Search vendor "Dlink" for product "Dir-809" | a2 Search vendor "Dlink" for product "Dir-809" and version "a2" | - |
Safe
|
| Dlink Search vendor "Dlink" | Dir-605l Firmware Search vendor "Dlink" for product "Dir-605l Firmware" | <= 2.07b02 Search vendor "Dlink" for product "Dir-605l Firmware" and version " <= 2.07b02" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-605l Search vendor "Dlink" for product "Dir-605l" | b1 Search vendor "Dlink" for product "Dir-605l" and version "b1" | - |
Safe
|
| Dlink Search vendor "Dlink" | Dir-605l Firmware Search vendor "Dlink" for product "Dir-605l Firmware" | <= 3.03b07 Search vendor "Dlink" for product "Dir-605l Firmware" and version " <= 3.03b07" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-605l Search vendor "Dlink" for product "Dir-605l" | c1 Search vendor "Dlink" for product "Dir-605l" and version "c1" | - |
Safe
|
| Dlink Search vendor "Dlink" | Dir-619l Firmware Search vendor "Dlink" for product "Dir-619l Firmware" | <= 2.07b02 Search vendor "Dlink" for product "Dir-619l Firmware" and version " <= 2.07b02" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-619l Search vendor "Dlink" for product "Dir-619l" | b1 Search vendor "Dlink" for product "Dir-619l" and version "b1" | - |
Safe
|
| Dlink Search vendor "Dlink" | Dir-600l Firmware Search vendor "Dlink" for product "Dir-600l Firmware" | <= 2.056b06 Search vendor "Dlink" for product "Dir-600l Firmware" and version " <= 2.056b06" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-600l Search vendor "Dlink" for product "Dir-600l" | b1 Search vendor "Dlink" for product "Dir-600l" and version "b1" | - |
Safe
|
| Dlink Search vendor "Dlink" | Dir-501 Firmware Search vendor "Dlink" for product "Dir-501 Firmware" | <= 1.01b04 Search vendor "Dlink" for product "Dir-501 Firmware" and version " <= 1.01b04" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-501 Search vendor "Dlink" for product "Dir-501" | a1 Search vendor "Dlink" for product "Dir-501" and version "a1" | - |
Safe
|
| Dlink Search vendor "Dlink" | Dir-515 Firmware Search vendor "Dlink" for product "Dir-515 Firmware" | <= 1.01b04 Search vendor "Dlink" for product "Dir-515 Firmware" and version " <= 1.01b04" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-515 Search vendor "Dlink" for product "Dir-515" | a1 Search vendor "Dlink" for product "Dir-515" and version "a1" | - |
Safe
|
| Dlink Search vendor "Dlink" | Dir-615 Firmware Search vendor "Dlink" for product "Dir-615 Firmware" | 10.01b02 Search vendor "Dlink" for product "Dir-615 Firmware" and version "10.01b02" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-615 Search vendor "Dlink" for product "Dir-615" | j1 Search vendor "Dlink" for product "Dir-615" and version "j1" | - |
Safe
|
| Dlink Search vendor "Dlink" | Dir-615 Firmware Search vendor "Dlink" for product "Dir-615 Firmware" | <= 6.06b03 Search vendor "Dlink" for product "Dir-615 Firmware" and version " <= 6.06b03" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-615 Search vendor "Dlink" for product "Dir-615" | fx Search vendor "Dlink" for product "Dir-615" and version "fx" | - |
Safe
|
| Dlink Search vendor "Dlink" | Dir-615 Firmware Search vendor "Dlink" for product "Dir-615 Firmware" | 10.01b02 Search vendor "Dlink" for product "Dir-615 Firmware" and version "10.01b02" | - |
Affected
| in | Dlink Search vendor "Dlink" | Dir-615 Search vendor "Dlink" for product "Dir-615" | fx Search vendor "Dlink" for product "Dir-615" and version "fx" | - |
Safe
|
| Aterm Search vendor "Aterm" | Wg1900hp2 Firmware Search vendor "Aterm" for product "Wg1900hp2 Firmware" | <= 1.3.1 Search vendor "Aterm" for product "Wg1900hp2 Firmware" and version " <= 1.3.1" | - |
Affected
| in | Aterm Search vendor "Aterm" | Wg1900hp2 Search vendor "Aterm" for product "Wg1900hp2" | - | - |
Safe
|
| Aterm Search vendor "Aterm" | Wg1900hp Firmware Search vendor "Aterm" for product "Wg1900hp Firmware" | <= 2.5.1 Search vendor "Aterm" for product "Wg1900hp Firmware" and version " <= 2.5.1" | - |
Affected
| in | Aterm Search vendor "Aterm" | Wg1900hp Search vendor "Aterm" for product "Wg1900hp" | - | - |
Safe
|
| Aterm Search vendor "Aterm" | Wg1800hp4 Firmware Search vendor "Aterm" for product "Wg1800hp4 Firmware" | <= 1.3.1 Search vendor "Aterm" for product "Wg1800hp4 Firmware" and version " <= 1.3.1" | - |
Affected
| in | Aterm Search vendor "Aterm" | Wg1800hp4 Search vendor "Aterm" for product "Wg1800hp4" | - | - |
Safe
|
| Aterm Search vendor "Aterm" | Wg1800hp3 Firmware Search vendor "Aterm" for product "Wg1800hp3 Firmware" | <= 1.5.1 Search vendor "Aterm" for product "Wg1800hp3 Firmware" and version " <= 1.5.1" | - |
Affected
| in | Aterm Search vendor "Aterm" | Wg1800hp3 Search vendor "Aterm" for product "Wg1800hp3" | - | - |
Safe
|
| Aterm Search vendor "Aterm" | Wg1200hs2 Firmware Search vendor "Aterm" for product "Wg1200hs2 Firmware" | <= 2.5.0 Search vendor "Aterm" for product "Wg1200hs2 Firmware" and version " <= 2.5.0" | - |
Affected
| in | Aterm Search vendor "Aterm" | Wg1200hs2 Search vendor "Aterm" for product "Wg1200hs2" | - | - |
Safe
|
| Aterm Search vendor "Aterm" | Wg1200hp3 Firmware Search vendor "Aterm" for product "Wg1200hp3 Firmware" | <= 1.3.1 Search vendor "Aterm" for product "Wg1200hp3 Firmware" and version " <= 1.3.1" | - |
Affected
| in | Aterm Search vendor "Aterm" | Wg1200hp3 Search vendor "Aterm" for product "Wg1200hp3" | - | - |
Safe
|
| Aterm Search vendor "Aterm" | Wg1200hp2 Firmware Search vendor "Aterm" for product "Wg1200hp2 Firmware" | <= 2.5.0 Search vendor "Aterm" for product "Wg1200hp2 Firmware" and version " <= 2.5.0" | - |
Affected
| in | Aterm Search vendor "Aterm" | Wg1200hp2 Search vendor "Aterm" for product "Wg1200hp2" | - | - |
Safe
|
| Aterm Search vendor "Aterm" | W1200ex Firmware Search vendor "Aterm" for product "W1200ex Firmware" | <= 1.3.1 Search vendor "Aterm" for product "W1200ex Firmware" and version " <= 1.3.1" | - |
Affected
| in | Aterm Search vendor "Aterm" | W1200ex Search vendor "Aterm" for product "W1200ex" | - | - |
Safe
|
| Aterm Search vendor "Aterm" | W1200ex-ms Firmware Search vendor "Aterm" for product "W1200ex-ms Firmware" | <= 1.3.1 Search vendor "Aterm" for product "W1200ex-ms Firmware" and version " <= 1.3.1" | - |
Affected
| in | Aterm Search vendor "Aterm" | W1200ex-ms Search vendor "Aterm" for product "W1200ex-ms" | - | - |
Safe
|
| Aterm Search vendor "Aterm" | Wg1200hs Firmware Search vendor "Aterm" for product "Wg1200hs Firmware" | * | - |
Affected
| in | Aterm Search vendor "Aterm" | Wg1200hs Search vendor "Aterm" for product "Wg1200hs" | - | - |
Safe
|
| Aterm Search vendor "Aterm" | Wg1200hp Firmware Search vendor "Aterm" for product "Wg1200hp Firmware" | * | - |
Affected
| in | Aterm Search vendor "Aterm" | Wg1200hp Search vendor "Aterm" for product "Wg1200hp" | - | - |
Safe
|
| Aterm Search vendor "Aterm" | Wf800hp Firmware Search vendor "Aterm" for product "Wf800hp Firmware" | * | - |
Affected
| in | Aterm Search vendor "Aterm" | Wf800hp Search vendor "Aterm" for product "Wf800hp" | - | - |
Safe
|
| Aterm Search vendor "Aterm" | Wf300hp2 Firmware Search vendor "Aterm" for product "Wf300hp2 Firmware" | * | - |
Affected
| in | Aterm Search vendor "Aterm" | Wf300hp2 Search vendor "Aterm" for product "Wf300hp2" | - | - |
Safe
|
| Aterm Search vendor "Aterm" | Wr8165n Firmware Search vendor "Aterm" for product "Wr8165n Firmware" | * | - |
Affected
| in | Aterm Search vendor "Aterm" | Wr8165n Search vendor "Aterm" for product "Wr8165n" | - | - |
Safe
|
| Aterm Search vendor "Aterm" | W500p Firmware Search vendor "Aterm" for product "W500p Firmware" | * | - |
Affected
| in | Aterm Search vendor "Aterm" | W500p Search vendor "Aterm" for product "W500p" | - | - |
Safe
|
| Aterm Search vendor "Aterm" | W300p Firmware Search vendor "Aterm" for product "W300p Firmware" | * | - |
Affected
| in | Aterm Search vendor "Aterm" | W300p Search vendor "Aterm" for product "W300p" | - | - |
Safe
|
| Realtek Search vendor "Realtek" | Realtek Sdk Search vendor "Realtek" for product "Realtek Sdk" | - | - |
Affected
| ||||||