The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.
References
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
Configuration 12 (hide)
| AND |
|
Configuration 13 (hide)
| AND |
|
Configuration 14 (hide)
| AND |
|
Configuration 15 (hide)
| AND |
|
Configuration 16 (hide)
| AND |
|
Configuration 17 (hide)
| AND |
|
Configuration 18 (hide)
| AND |
|
Configuration 19 (hide)
| AND |
|
Configuration 20 (hide)
| AND |
|
Configuration 21 (hide)
| AND |
|
Configuration 22 (hide)
| AND |
|
Configuration 23 (hide)
| AND |
|
Configuration 24 (hide)
| AND |
|
Configuration 25 (hide)
| AND |
|
Configuration 26 (hide)
| AND |
|
Configuration 27 (hide)
| AND |
|
Configuration 28 (hide)
| AND |
|
Configuration 29 (hide)
| AND |
|
Configuration 30 (hide)
| AND |
|
History
20 Dec 2024, 03:42
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (es) El servicio SOAP miniigd en Realtek SDK permite a atacantes remotos ejecutar código arbitrario a través de una solicitud NewInternalClient manipulada específicamente, como se explotó de forma activa hasta 2023. |
21 Nov 2024, 02:18
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://jvn.jp/en/jp/JVN47580234/index.html - Third Party Advisory | |
| References | () http://jvn.jp/en/jp/JVN67456944/index.html - Third Party Advisory | |
| References | () http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html - Third Party Advisory, VDB Entry | |
| References | () http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055 - Vendor Advisory | |
| References | () http://www.securityfocus.com/bid/74330 - Broken Link, Third Party Advisory, VDB Entry | |
| References | () http://www.zerodayinitiative.com/advisories/ZDI-15-155/ - Third Party Advisory, VDB Entry | |
| References | () https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/ - Third Party Advisory | |
| References | () https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055 - Third Party Advisory | |
| References | () https://www.exploit-db.com/exploits/37169/ - Third Party Advisory, VDB Entry |
27 Jun 2024, 18:35
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | NVD-CWE-noinfo | |
| CPE | cpe:2.3:o:aterm:wf300hp2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-615:j1:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-501:a1:*:*:*:*:*:*:* cpe:2.3:h:aterm:w1200ex-ms:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-615:fx:*:*:*:*:*:*:* cpe:2.3:h:aterm:wg1200hp3:-:*:*:*:*:*:*:* cpe:2.3:o:aterm:wr8165n_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:aterm:wr8165n:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-905l:b1:*:*:*:*:*:*:* cpe:2.3:o:aterm:wg1200hp3_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-515:a1:*:*:*:*:*:*:* cpe:2.3:h:aterm:wg1200hs:-:*:*:*:*:*:*:* cpe:2.3:h:aterm:wg1800hp3:-:*:*:*:*:*:*:* cpe:2.3:h:aterm:wg1900hp:-:*:*:*:*:*:*:* cpe:2.3:o:aterm:wg1800hp3_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-615_firmware:10.01b02:*:*:*:*:*:*:* cpe:2.3:o:aterm:wg1900hp_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:aterm:w1200ex_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:aterm:w1200ex-ms_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:aterm:wg1900hp2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:aterm:w1200ex:-:*:*:*:*:*:*:* cpe:2.3:o:aterm:wg1200hp_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-501_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:aterm:wf800hp_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:aterm:wg1200hp2:-:*:*:*:*:*:*:* cpe:2.3:h:aterm:w300p:-:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-615_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:aterm:wg1200hp:-:*:*:*:*:*:*:* cpe:2.3:h:aterm:w500p:-:*:*:*:*:*:*:* cpe:2.3:o:aterm:wg1200hs2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:aterm:wg1200hs2:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-605l:c1:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-515_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:aterm:wg1900hp2:-:*:*:*:*:*:*:* cpe:2.3:h:aterm:wg1800hp4:-:*:*:*:*:*:*:* cpe:2.3:o:aterm:wg1200hp2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:aterm:wg1800hp4_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:aterm:wg1200hs_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:aterm:wf800hp:-:*:*:*:*:*:*:* cpe:2.3:h:aterm:wf300hp2:-:*:*:*:*:*:*:* cpe:2.3:o:aterm:w300p_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:aterm:w500p_firmware:*:*:*:*:*:*:*:* |
|
| References | () http://jvn.jp/en/jp/JVN67456944/index.html - Third Party Advisory | |
| References | () http://www.securityfocus.com/bid/74330 - Broken Link, Third Party Advisory, VDB Entry | |
| References | () https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/ - Third Party Advisory | |
| References | () https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055 - Third Party Advisory | |
| CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 9.8 |
| First Time |
Aterm wg1900hp2
Aterm wr8165n Firmware Aterm w1200ex-ms Firmware Aterm wf800hp Firmware Aterm wr8165n Dlink dir-501 Firmware Aterm wg1800hp4 Firmware Dlink dir-615 Aterm wf300hp2 Firmware Aterm wg1200hp Aterm w1200ex-ms Aterm wg1800hp3 Dlink dir-615 Firmware Aterm wg1200hp3 Firmware Aterm wf800hp Dlink dir-501 Aterm wg1900hp Aterm wg1800hp4 Aterm wg1900hp2 Firmware Aterm wf300hp2 Aterm w1200ex Firmware Aterm wg1200hs Aterm wg1200hs Firmware Aterm wg1200hp2 Aterm Aterm wg1200hp Firmware Aterm w300p Firmware Aterm w500p Firmware Dlink dir-515 Firmware Aterm wg1900hp Firmware Aterm wg1200hp3 Aterm wg1200hs2 Firmware Aterm wg1200hp2 Firmware Dlink dir-515 Aterm w300p Aterm wg1800hp3 Firmware Aterm w500p Aterm wg1200hs2 Aterm w1200ex |
26 Apr 2023, 19:27
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:h:d-link:dir-605l:a1:*:*:*:*:*:*:* cpe:2.3:h:d-link:dir-809:a2:*:*:*:*:*:*:* cpe:2.3:h:d-link:dir-619l:a1:*:*:*:*:*:*:* cpe:2.3:h:d-link:dir-809:a1:*:*:*:*:*:*:* cpe:2.3:h:d-link:dir-605l:b1:*:*:*:*:*:*:* cpe:2.3:o:d-link:dir-600l_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:d-link:dir-619l:b1:*:*:*:*:*:*:* cpe:2.3:o:d-link:dir-605l_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:d-link:dir-600l:a1:*:*:*:*:*:*:* cpe:2.3:h:d-link:dir-600l:b1:*:*:*:*:*:*:* cpe:2.3:h:d-link:dir-905l:a1:*:*:*:*:*:*:* cpe:2.3:o:d-link:dir-619l_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:d-link:dir-905l_firmware:*:*:*:*:*:*:*:* |
cpe:2.3:o:dlink:dir-600l_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-809_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-619l:b1:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-600l:b1:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-605l:b1:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-619l_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-809:a1:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-809:a2:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-905l_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-600l:a1:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-905l:a1:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-605l:a1:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-619l:a1:*:*:*:*:*:*:* |
Information
Published : 2015-05-01 15:59
Updated : 2025-02-03 16:15
NVD link : CVE-2014-8361
Mitre link : CVE-2014-8361
CVE.ORG link : CVE-2014-8361
JSON object : View
Products Affected
aterm
- w500p
- wg1200hs2
- w300p
- wg1800hp3_firmware
- wr8165n
- wf300hp2_firmware
- wg1200hp3_firmware
- w1200ex_firmware
- wf300hp2
- w500p_firmware
- w1200ex-ms_firmware
- wg1800hp4_firmware
- w1200ex-ms
- wf800hp
- wg1200hp_firmware
- wr8165n_firmware
- wg1900hp
- wg1800hp4
- wg1200hs
- wf800hp_firmware
- wg1200hs_firmware
- w300p_firmware
- wg1900hp_firmware
- wg1900hp2
- wg1900hp2_firmware
- wg1200hs2_firmware
- wg1200hp2_firmware
- w1200ex
- wg1800hp3
- wg1200hp2
- wg1200hp
- wg1200hp3
dlink
- dir-605l_firmware
- dir-515_firmware
- dir-619l
- dir-501_firmware
- dir-905l
- dir-809_firmware
- dir-619l_firmware
- dir-809
- dir-905l_firmware
- dir-605l
- dir-501
- dir-615
- dir-615_firmware
- dir-600l
- dir-515
- dir-600l_firmware
realtek
- realtek_sdk
CWE