← Back to CVEs
CVE-2014-8361
CRITICALCISA KEV9.8
Description
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published5/1/2015
Last Modified4/22/2026
Sourcekev
Honeypot Sightings0
CISA KEV
VendorRealtek
ProductSDK
Vulnerability NameRealtek SDK Improper Input Validation Vulnerability
KEV Date Added2023-09-18
Remediation Due Date2023-10-09
Ransomware UseUnknown
Affected Products
aterm:w1200exaterm:w1200ex-msaterm:w1200ex-ms_firmwareaterm:w1200ex_firmwareaterm:w300paterm:w300p_firmwareaterm:w500paterm:w500p_firmwareaterm:wf300hp2aterm:wf300hp2_firmwareaterm:wf800hpaterm:wf800hp_firmwareaterm:wg1200hpaterm:wg1200hp2aterm:wg1200hp2_firmwareaterm:wg1200hp3aterm:wg1200hp3_firmwareaterm:wg1200hp_firmwareaterm:wg1200hsaterm:wg1200hs2aterm:wg1200hs2_firmwareaterm:wg1200hs_firmwareaterm:wg1800hp3aterm:wg1800hp3_firmwareaterm:wg1800hp4aterm:wg1800hp4_firmwareaterm:wg1900hpaterm:wg1900hp2aterm:wg1900hp2_firmwareaterm:wg1900hp_firmwareaterm:wr8165naterm:wr8165n_firmwaredlink:dir-501dlink:dir-501_firmwaredlink:dir-515dlink:dir-515_firmwaredlink:dir-600ldlink:dir-600l_firmwaredlink:dir-605ldlink:dir-605l_firmwaredlink:dir-615dlink:dir-615_firmwaredlink:dir-619ldlink:dir-619l_firmwaredlink:dir-809dlink:dir-809_firmwaredlink:dir-900ldlink:dir-900l_firmwaredlink:dir-905ldlink:dir-905l_firmwarerealtek:realtek_sdk
References
http://jvn.jp/en/jp/JVN47580234/index.html(cve@mitre.org)
http://jvn.jp/en/jp/JVN67456944/index.html(cve@mitre.org)
http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html(cve@mitre.org)
http://www.securityfocus.com/bid/74330(cve@mitre.org)
http://www.zerodayinitiative.com/advisories/ZDI-15-155/(cve@mitre.org)
https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/(cve@mitre.org)
https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055(cve@mitre.org)
https://www.exploit-db.com/exploits/37169/(cve@mitre.org)
http://jvn.jp/en/jp/JVN47580234/index.html(af854a3a-2127-422b-91ae-364da2661108)
http://jvn.jp/en/jp/JVN67456944/index.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/74330(af854a3a-2127-422b-91ae-364da2661108)
http://www.zerodayinitiative.com/advisories/ZDI-15-155/(af854a3a-2127-422b-91ae-364da2661108)
https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/(af854a3a-2127-422b-91ae-364da2661108)
https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/37169/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-8361(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.