The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.
References
Link | Resource |
---|---|
http://jvn.jp/en/jp/JVN47580234/index.html | Third Party Advisory |
http://jvn.jp/en/jp/JVN67456944/index.html | |
http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html | Third Party Advisory VDB Entry |
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055 | Vendor Advisory |
http://www.securityfocus.com/bid/74330 | Third Party Advisory VDB Entry |
http://www.zerodayinitiative.com/advisories/ZDI-15-155/ | Third Party Advisory VDB Entry |
https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/ | |
https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055 | |
https://www.exploit-db.com/exploits/37169/ | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
History
05 Sep 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023. |
26 Apr 2023, 19:27
Type | Values Removed | Values Added |
---|---|---|
First Time |
Dlink dir-600l Firmware
Dlink dir-605l Firmware Dlink dir-809 Firmware Dlink dir-809 Dlink dir-905l Dlink dir-905l Firmware Dlink dir-600l Dlink dir-619l Dlink dir-605l Dlink Dlink dir-619l Firmware |
|
CPE | cpe:2.3:h:d-link:dir-905l:a1:*:*:*:*:*:*:* cpe:2.3:h:d-link:dir-605l:a1:*:*:*:*:*:*:* cpe:2.3:h:d-link:dir-600l:a1:*:*:*:*:*:*:* cpe:2.3:h:d-link:dir-809:a2:*:*:*:*:*:*:* cpe:2.3:h:d-link:dir-619l:a1:*:*:*:*:*:*:* cpe:2.3:o:d-link:dir-905l_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:d-link:dir-605l_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:d-link:dir-619l:b1:*:*:*:*:*:*:* cpe:2.3:h:d-link:dir-600l:b1:*:*:*:*:*:*:* cpe:2.3:o:d-link:dir-600l_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:d-link:dir-619l_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:d-link:dir-809:a1:*:*:*:*:*:*:* cpe:2.3:h:d-link:dir-605l:b1:*:*:*:*:*:*:* |
cpe:2.3:o:dlink:dir-809_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-600l:b1:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-605l:b1:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-600l_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-619l:a1:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-905l:a1:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-905l_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-619l:b1:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-605l:a1:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-809:a2:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-619l_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-600l:a1:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-809:a1:*:*:*:*:*:*:* |
09 Apr 2021, 07:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Feb 2021, 21:35
Type | Values Removed | Values Added |
---|---|---|
References | (JVN) http://jvn.jp/en/jp/JVN47580234/index.html - Third Party Advisory |
26 Jan 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2015-05-01 15:59
Updated : 2023-12-10 11:31
NVD link : CVE-2014-8361
Mitre link : CVE-2014-8361
CVE.ORG link : CVE-2014-8361
JSON object : View
Products Affected
dlink
- dir-619l_firmware
- dir-619l
- dir-809
- dir-600l
- dir-809_firmware
- dir-605l
- dir-905l_firmware
- dir-600l_firmware
- dir-605l_firmware
- dir-905l
realtek
- realtek_sdk
CWE
CWE-20
Improper Input Validation