CVE-2014-8361

{"id": "CVE-2014-8361", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-05-01T15:59:01.287", "references": [{"url": "http://jvn.jp/en/jp/JVN47580234/index.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://jvn.jp/en/jp/JVN67456944/index.html", "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/74330", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-155/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/", "source": "cve@mitre.org"}, {"url": "https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/37169/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023."}, {"lang": "es", "value": "El servicio miniigd SOAP en Realtek SDK permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud NewInternalClient manipulada."}], "lastModified": "2023-09-05T22:15:07.477", "cisaActionDue": "2023-10-09", "cisaExploitAdd": "2023-09-18", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-905l_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "724D0F80-B486-45E7-813D-69435ABC7872", "versionEndIncluding": "1.02"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-905l:a1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F50CC55A-1EA1-4096-8489-1CE1E991B305"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3D430AC-50CF-4A9B-9D38-68E8787EA560", "versionEndIncluding": "1.13", "versionStartIncluding": "1.00"}, {"criteria": "cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DAC501B-2BCD-416F-9129-8E919FECCAA7", "versionEndIncluding": "2.04", "versionStartIncluding": "2.00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-605l:a1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CA9038E9-8519-4DC7-8843-74ADB3527A3F"}, {"criteria": "cpe:2.3:h:dlink:dir-605l:b1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1B1FC91F-1B77-406F-ADB5-98B07866601E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-600l_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D68A3CF3-55BA-47F5-9BE9-A47808E350E5", "versionEndIncluding": "1.15", "versionStartIncluding": "1.00"}, {"criteria": "cpe:2.3:o:dlink:dir-600l_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06A45859-04FD-4279-A11E-6A5219A4C7BA", "versionEndIncluding": "2.05", "versionStartIncluding": "2.00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-600l:a1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F75E7D9C-03BE-4301-AF9E-9929C33F4EEA"}, {"criteria": "cpe:2.3:h:dlink:dir-600l:b1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6966FB89-8C98-4FA3-B4CA-21CAD495A830"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:realtek:realtek_sdk:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62471288-17B2-4FCA-A673-CC4B24FB6262"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-619l_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0D793EA-3515-47AE-8C2C-5019CB7E98D5", "versionEndIncluding": "1.15", "versionStartIncluding": "1.00"}, {"criteria": "cpe:2.3:o:dlink:dir-619l_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB1FDE8D-3AA2-432D-8A69-A079F03A0CBB", "versionEndIncluding": "2.03", "versionStartIncluding": "2.00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-619l:a1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3271958C-23CD-4937-A21A-905A18ECA736"}, {"criteria": "cpe:2.3:h:dlink:dir-619l:b1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6F28B093-482C-4105-A89D-8B1F1FFD59E9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dir-809_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0437BBF6-2F2C-4FEF-9FD0-1C4DE3E9156F", "versionEndIncluding": "1.02", "versionStartIncluding": "1.00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dir-809:a1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "184F3169-C4BE-4ABF-AFED-B8D39522092F"}, {"criteria": "cpe:2.3:h:dlink:dir-809:a2:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6CE2F27F-A180-4459-8D73-5544568BB53D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Realtek SDK Improper Input Validation Vulnerability"}