CVE-2014-8361

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-8361
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://jvn.jp/en/jp/JVN47580234/index.html Third Party Advisory
http://jvn.jp/en/jp/JVN67456944/index.html Third Party Advisory
http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html Third Party Advisory VDB Entry
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055 Vendor Advisory
http://www.securityfocus.com/bid/74330 Broken Link Third Party Advisory VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-15-155/ Third Party Advisory VDB Entry
https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/ Third Party Advisory
https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055 Third Party Advisory
https://www.exploit-db.com/exploits/37169/ Third Party Advisory VDB Entry
http://jvn.jp/en/jp/JVN47580234/index.html Third Party Advisory
http://jvn.jp/en/jp/JVN67456944/index.html Third Party Advisory
http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html Third Party Advisory VDB Entry
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055 Vendor Advisory
http://www.securityfocus.com/bid/74330 Broken Link Third Party Advisory VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-15-155/ Third Party Advisory VDB Entry
https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/ Third Party Advisory
https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055 Third Party Advisory
https://www.exploit-db.com/exploits/37169/ Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:dlink:dir-905l_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:dlink:dir-905l:a1:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-905l:b1:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-605l:a1:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:dlink:dir-600l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-600l:a1:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:dlink:dir-619l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-619l:a1:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:dlink:dir-619l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-619l:b1:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-605l:b1:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-605l:c1:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:dlink:dir-600l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-600l:b1:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:dlink:dir-809_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:dlink:dir-809:a1:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-809:a2:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:dlink:dir-900l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-900l:a1:*:*:*:*:*:*:*

Configuration 11 (hide)

cpe:2.3:a:realtek:realtek_sdk:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:dlink:dir-501_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-501:a1:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:dlink:dir-515_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-515:a1:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:dlink:dir-615_firmware:10.01b02:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-615:j1:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:dlink:dir-615_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-615:fx:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:aterm:wg1900hp2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:aterm:wg1900hp2:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:aterm:wg1900hp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:aterm:wg1900hp:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:aterm:wg1800hp4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:aterm:wg1800hp4:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:aterm:wg1800hp3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:aterm:wg1800hp3:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:aterm:wg1200hs2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:aterm:wg1200hs2:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:aterm:wg1200hp3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:aterm:wg1200hp3:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:aterm:wg1200hp2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:aterm:wg1200hp2:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:aterm:w1200ex_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:aterm:w1200ex:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:aterm:w1200ex-ms_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:aterm:w1200ex-ms:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:aterm:wg1200hs_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:aterm:wg1200hs:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:aterm:wg1200hp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:aterm:wg1200hp:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:aterm:wf800hp_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:aterm:wf800hp:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:aterm:wf300hp2_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:aterm:wf300hp2:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND
cpe:2.3:o:aterm:wr8165n_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:aterm:wr8165n:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND
cpe:2.3:o:aterm:w500p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:aterm:w500p:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND
cpe:2.3:o:aterm:w300p_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:aterm:w300p:-:*:*:*:*:*:*:*
History

26 Mar 2025, 19:37

Type Values Removed Values Added
CPE cpe:2.3:o:dlink:dir-900l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:dlink:dir-900l:a1:*:*:*:*:*:*:*
First Time Dlink dir-900l Firmware
Dlink dir-900l

03 Feb 2025, 16:15

Type Values Removed Values Added
Summary (es) El servicio miniigd SOAP en Realtek SDK permite a atacantes remotos ejecutar código arbitrario a través de una solicitud NewInternalClient manipulada. (es) El servicio SOAP miniigd en Realtek SDK permite a atacantes remotos ejecutar código arbitrario a través de una solicitud NewInternalClient manipulada específicamente, como se explotó de forma activa hasta 2023.
Information

Published : 2015-05-01 15:59

Updated : 2025-04-12 10:46

NVD link : CVE-2014-8361

Mitre link : CVE-2014-8361

CVE.ORG link : CVE-2014-8361

JSON object : View

Products Affected

aterm

  • wg1800hp4_firmware
  • wf300hp2
  • wr8165n
  • w500p
  • wf300hp2_firmware
  • wg1200hp3
  • w1200ex-ms_firmware
  • wg1200hp3_firmware
  • wg1900hp2
  • wg1900hp_firmware
  • wg1200hp
  • w300p_firmware
  • wr8165n_firmware
  • wg1200hp2
  • w1200ex
  • wf800hp
  • wg1200hp_firmware
  • wg1900hp2_firmware
  • wg1200hs2_firmware
  • wg1800hp3
  • wg1800hp3_firmware
  • wg1200hs_firmware
  • w1200ex_firmware
  • w1200ex-ms
  • wg1800hp4
  • wg1200hs2
  • wf800hp_firmware
  • w500p_firmware
  • wg1900hp
  • w300p
  • wg1200hs
  • wg1200hp2_firmware

dlink

  • dir-615
  • dir-605l
  • dir-619l
  • dir-619l_firmware
  • dir-900l
  • dir-501
  • dir-905l
  • dir-600l
  • dir-615_firmware
  • dir-605l_firmware
  • dir-515_firmware
  • dir-515
  • dir-905l_firmware
  • dir-809_firmware
  • dir-900l_firmware
  • dir-600l_firmware
  • dir-501_firmware
  • dir-809

realtek

  • realtek_sdk
CWE
NVD-CWE-noinfo