CVE-2014-8361

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://jvn.jp/en/jp/JVN47580234/index.html	Third Party Advisory
http://jvn.jp/en/jp/JVN67456944/index.html	Third Party Advisory
http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html	Third Party Advisory VDB Entry
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055	Vendor Advisory
http://www.securityfocus.com/bid/74330	Broken Link Third Party Advisory VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-15-155/	Third Party Advisory VDB Entry
https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/	Third Party Advisory
https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055	Third Party Advisory
https://www.exploit-db.com/exploits/37169/	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:h:dlink:dir-905l:a1:::::::*
	cpe:2.3:h:dlink:dir-905l:b1:::::::*

cpe:2.3:o:dlink:dir-905l_firmware:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:h:dlink:dir-605l:a1:*:*:*:*:*:*:*

cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:h:dlink:dir-600l:a1:*:*:*:*:*:*:*

cpe:2.3:o:dlink:dir-600l_firmware:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:realtek:realtek_sdk:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:h:dlink:dir-619l:a1:*:*:*:*:*:*:*

cpe:2.3:o:dlink:dir-619l_firmware:*:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

OR	cpe:2.3:h:dlink:dir-809:a1:::::::*
	cpe:2.3:h:dlink:dir-809:a2:::::::*

cpe:2.3:o:dlink:dir-809_firmware:*:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:h:dlink:dir-605l:b1:*:*:*:*:*:*:*

cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:h:dlink:dir-605l:c1:*:*:*:*:*:*:*

cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:h:dlink:dir-619l:b1:*:*:*:*:*:*:*

cpe:2.3:o:dlink:dir-619l_firmware:*:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:h:dlink:dir-600l:b1:*:*:*:*:*:*:*

cpe:2.3:o:dlink:dir-600l_firmware:*:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:dlink:dir-501_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-501:a1:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:dlink:dir-515_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-515:a1:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:dlink:dir-615_firmware:10.01b02:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-615:j1:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

OR	cpe:2.3:o:dlink:dir-615_firmware::::::::
	cpe:2.3:o:dlink:dir-615_firmware:10.01b02:::::::*

cpe:2.3:h:dlink:dir-615:fx:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:aterm:wg1900hp2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aterm:wg1900hp2:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:aterm:wg1900hp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aterm:wg1900hp:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:aterm:wg1800hp4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aterm:wg1800hp4:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:aterm:wg1800hp3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aterm:wg1800hp3:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:aterm:wg1200hs2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aterm:wg1200hs2:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:aterm:wg1200hp3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aterm:wg1200hp3:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:aterm:wg1200hp2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aterm:wg1200hp2:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:aterm:w1200ex_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aterm:w1200ex:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:aterm:w1200ex-ms_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aterm:w1200ex-ms:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:aterm:wg1200hs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aterm:wg1200hs:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:aterm:wg1200hp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aterm:wg1200hp:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:aterm:wf800hp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aterm:wf800hp:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:aterm:wf300hp2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aterm:wf300hp2:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:aterm:wr8165n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aterm:wr8165n:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:aterm:w500p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aterm:w500p:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:aterm:w300p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aterm:w300p:-:*:*:*:*:*:*:*

History

27 Jun 2024, 18:35

Type	Values Removed	Values Added
References	~~() http://jvn.jp/en/jp/JVN67456944/index.html -~~	() http://jvn.jp/en/jp/JVN67456944/index.html - Third Party Advisory
References	~~() http://www.securityfocus.com/bid/74330 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/74330 - Broken Link, Third Party Advisory, VDB Entry
References	~~() https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/ -~~	() https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/ - Third Party Advisory
References	~~() https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055 -~~	() https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055 - Third Party Advisory
CVSS	v2 : ~~10.0~~ v3 : ~~unknown~~	v2 : 10.0 v3 : 9.8
CPE		cpe:2.3:o:aterm:wg1900hp_firmware:::::::: cpe:2.3:o:aterm:wg1200hp3_firmware:::::::: cpe:2.3:o:aterm:wr8165n_firmware:::::::: cpe:2.3:h:aterm:wg1200hp2:-:::::::* cpe:2.3:o:dlink:dir-515_firmware:::::::: cpe:2.3:h:dlink:dir-515:a1:::::::* cpe:2.3:h:dlink:dir-605l:c1:::::::* cpe:2.3:o:aterm:w300p_firmware:::::::: cpe:2.3:h:aterm:wg1200hs2:-:::::::* cpe:2.3:o:aterm:w1200ex_firmware:::::::: cpe:2.3:h:aterm:wg1900hp2:-:::::::* cpe:2.3:o:aterm:wg1800hp3_firmware:::::::: cpe:2.3:o:aterm:wg1200hs2_firmware:::::::: cpe:2.3:h:aterm:wf800hp:-:::::::* cpe:2.3:o:dlink:dir-615_firmware:10.01b02:::::::* cpe:2.3:h:dlink:dir-501:a1:::::::* cpe:2.3:h:aterm:wr8165n:-:::::::* cpe:2.3:h:aterm:w500p:-:::::::* cpe:2.3:o:aterm:wg1800hp4_firmware:::::::: cpe:2.3:h:aterm:w300p:-:::::::* cpe:2.3:o:aterm:w1200ex-ms_firmware:::::::: cpe:2.3:h:aterm:wg1200hp:-:::::::* cpe:2.3:h:aterm:wg1200hp3:-:::::::* cpe:2.3:h:aterm:w1200ex-ms:-:::::::* cpe:2.3:h:aterm:wg1800hp3:-:::::::* cpe:2.3:o:dlink:dir-501_firmware:::::::: cpe:2.3:o:dlink:dir-615_firmware:::::::: cpe:2.3:h:aterm:wg1200hs:-:::::::* cpe:2.3:h:dlink:dir-615:fx:::::::* cpe:2.3:h:dlink:dir-905l:b1:::::::* cpe:2.3:h:aterm:wg1800hp4:-:::::::* cpe:2.3:h:aterm:w1200ex:-:::::::* cpe:2.3:o:aterm:wg1200hp_firmware:::::::: cpe:2.3:o:aterm:wg1200hs_firmware:::::::: cpe:2.3:o:aterm:wf800hp_firmware:::::::: cpe:2.3:h:dlink:dir-615:j1:::::::* cpe:2.3:o:aterm:wg1900hp2_firmware:::::::: cpe:2.3:o:aterm:wg1200hp2_firmware:::::::: cpe:2.3:o:aterm:w500p_firmware:::::::: cpe:2.3:h:aterm:wf300hp2:-:::::::* cpe:2.3:h:aterm:wg1900hp:-:::::::* cpe:2.3:o:aterm:wf300hp2_firmware::::::::
CWE	~~CWE-20~~	NVD-CWE-noinfo
First Time		Aterm w1200ex-ms Firmware Aterm wg1800hp3 Dlink dir-615 Aterm wg1200hp3 Aterm wf300hp2 Firmware Aterm wr8165n Firmware Aterm wg1200hp Firmware Aterm w300p Aterm w500p Firmware Aterm Aterm wr8165n Dlink dir-501 Aterm wf300hp2 Aterm wg1200hs2 Firmware Dlink dir-515 Firmware Aterm wg1200hs2 Dlink dir-515 Dlink dir-501 Firmware Dlink dir-615 Firmware Aterm wg1200hs Aterm w1200ex-ms Aterm wg1900hp Firmware Aterm w1200ex Firmware Aterm wf800hp Firmware Aterm w300p Firmware Aterm wg1200hp2 Firmware Aterm wg1900hp2 Aterm wg1800hp4 Aterm w1200ex Aterm w500p Aterm wg1200hp Aterm wg1800hp4 Firmware Aterm wg1200hs Firmware Aterm wf800hp Aterm wg1900hp Aterm wg1200hp3 Firmware Aterm wg1800hp3 Firmware Aterm wg1900hp2 Firmware Aterm wg1200hp2

05 Sep 2023, 22:15

Type	Values Removed	Values Added
Summary	~~The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request.~~	The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.
References		(MISC) https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/ - (MISC) https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055 -

Information

Published : 2015-05-01 15:59

Updated : 2024-06-27 18:35

NVD link : CVE-2014-8361

Mitre link : CVE-2014-8361

CVE.ORG link : CVE-2014-8361

JSON object : View

Products Affected

aterm

wf800hp_firmware
wg1200hp3
wg1200hs_firmware
w300p
wg1200hp
wg1800hp3
wr8165n
wg1800hp4
wg1200hs2
wr8165n_firmware
w500p_firmware
wg1200hs2_firmware
w1200ex
wg1200hp2
wg1900hp2_firmware
wg1800hp4_firmware
w1200ex_firmware
wf300hp2
w300p_firmware
wg1900hp2
wg1900hp_firmware
w1200ex-ms_firmware
w500p
wg1200hp2_firmware
wg1200hp_firmware
wf800hp
wg1200hp3_firmware
wg1200hs
w1200ex-ms
wg1800hp3_firmware
wg1900hp
wf300hp2_firmware

dlink

dir-615
dir-600l
dir-619l
dir-905l
dir-515
dir-615_firmware
dir-501
dir-809_firmware
dir-515_firmware
dir-619l_firmware
dir-605l
dir-809
dir-905l_firmware
dir-605l_firmware
dir-600l_firmware
dir-501_firmware

realtek

realtek_sdk

CWE

NVD-CWE-noinfo

9.8 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2014-8361

9.8^/10

10.0^/10

Attach tags to `CVE-2014-8361`