CVE-2014-8361

Description

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.

CVSS Metrics

• v3.1•CRITICAL•Score: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
• v2.0•HIGH•Score: 10AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 93.89%• Percentile: 100%

Affected Systems

• aterm•w1200ex_firmware

  ≤ 1.3.1

• aterm•w1200ex-ms_firmware

  ≤ 1.3.1

• aterm•wg1200hp2_firmware

  ≤ 2.5.0

• aterm•wg1200hp3_firmware

  ≤ 1.3.1

• aterm•wg1200hs2_firmware

  ≤ 2.5.0

• aterm•wg1800hp3_firmware

  ≤ 1.5.1

• aterm•wg1800hp4_firmware

  ≤ 1.3.1

• aterm•wg1900hp_firmware

  ≤ 2.5.1

• aterm•wg1900hp2_firmware

  ≤ 1.3.1

• dlink•dir-501_firmware

  ≤ 1.01b04

• dlink•dir-515_firmware

  ≤ 1.01b04

• dlink•dir-600l_firmware

  ≤ 1.15 | ≤ 2.056b06

• dlink•dir-605l_firmware

  ≤ 1.14b06 | ≤ 2.07b02 | ≤ 3.03b07

• dlink•dir-615_firmware

  10.01b02 | ≤ 6.06b03

• dlink•dir-619l_firmware

  ≤ 1.15 | ≤ 2.07b02

• dlink•dir-809_firmware

  ≤ 1.04b02

• dlink•dir-900l_firmware

  < 1.15b01

• dlink•dir-905l_firmware

  ≤ 2.05b01

• realtek•realtek_sdk

  na

References (10)

• http://www.zerodayinitiative.com/advisories/ZDI-15-155/
• http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055
• http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html
• http://www.securityfocus.com/bid/74330
• https://www.exploit-db.com/exploits/37169/
• http://jvn.jp/en/jp/JVN47580234/index.html
• http://jvn.jp/en/jp/JVN67456944/index.html
• https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/
• https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-8361