T
he miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.
References
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
|
Configuration 12 (hide)
| AND |
|
Configuration 13 (hide)
| AND |
|
Configuration 14 (hide)
| AND |
|
Configuration 15 (hide)
| AND |
|
Configuration 16 (hide)
| AND |
|
Configuration 17 (hide)
| AND |
|
Configuration 18 (hide)
| AND |
|
Configuration 19 (hide)
| AND |
|
Configuration 20 (hide)
| AND |
|
Configuration 21 (hide)
| AND |
|
Configuration 22 (hide)
| AND |
|
Configuration 23 (hide)
| AND |
|
Configuration 24 (hide)
| AND |
|
Configuration 25 (hide)
| AND |
|
Configuration 26 (hide)
| AND |
|
Configuration 27 (hide)
| AND |
|
Configuration 28 (hide)
| AND |
|
Configuration 29 (hide)
| AND |
|
Configuration 30 (hide)
| AND |
|
Configuration 31 (hide)
| AND |
|
History
22 Oct 2025, 00:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
21 Oct 2025, 20:16
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
21 Oct 2025, 19:16
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
26 Mar 2025, 19:37
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Dlink dir-900l Firmware
Dlink dir-900l |
|
| CPE | cpe:2.3:h:dlink:dir-900l:a1:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-900l_firmware:*:*:*:*:*:*:*:* |
03 Feb 2025, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (es) El servicio SOAP miniigd en Realtek SDK permite a atacantes remotos ejecutar código arbitrario a través de una solicitud NewInternalClient manipulada específicamente, como se explotó de forma activa hasta 2023. |
21 Nov 2024, 02:18
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://jvn.jp/en/jp/JVN47580234/index.html - Third Party Advisory | |
| References | () http://jvn.jp/en/jp/JVN67456944/index.html - Third Party Advisory | |
| References | () http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html - Third Party Advisory, VDB Entry | |
| References | () http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055 - Vendor Advisory | |
| References | () http://www.securityfocus.com/bid/74330 - Broken Link, Third Party Advisory, VDB Entry | |
| References | () http://www.zerodayinitiative.com/advisories/ZDI-15-155/ - Third Party Advisory, VDB Entry | |
| References | () https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/ - Third Party Advisory | |
| References | () https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055 - Third Party Advisory | |
| References | () https://www.exploit-db.com/exploits/37169/ - Third Party Advisory, VDB Entry |
27 Jun 2024, 18:35
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 9.8 |
| First Time |
Aterm w1200ex-ms Firmware
Dlink dir-615 Firmware Aterm wg1200hp2 Aterm wg1200hs Firmware Aterm wf800hp Aterm wf300hp2 Aterm wg1900hp Firmware Aterm w1200ex-ms Aterm wg1900hp Aterm wg1800hp4 Aterm wg1800hp3 Aterm wg1200hp3 Firmware Aterm wg1800hp3 Firmware Aterm w1200ex Dlink dir-515 Firmware Aterm wg1200hp3 Aterm w300p Firmware Aterm wg1200hs2 Firmware Aterm wg1800hp4 Firmware Aterm wg1200hp Firmware Aterm w1200ex Firmware Aterm w300p Aterm wg1900hp2 Aterm wg1200hp2 Firmware Aterm wg1200hs2 Aterm wf300hp2 Firmware Aterm wr8165n Firmware Aterm wf800hp Firmware Aterm wg1200hs Aterm wg1200hp Aterm wg1900hp2 Firmware Dlink dir-615 Dlink dir-501 Firmware Aterm Aterm wr8165n Aterm w500p Firmware Dlink dir-501 Dlink dir-515 Aterm w500p |
|
| CPE | cpe:2.3:o:aterm:wf300hp2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:aterm:w500p_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-615:j1:*:*:*:*:*:*:* cpe:2.3:h:aterm:wf800hp:-:*:*:*:*:*:*:* cpe:2.3:h:aterm:wr8165n:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-501:a1:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-615_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:aterm:wg1200hp_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:aterm:wg1200hp3:-:*:*:*:*:*:*:* cpe:2.3:o:aterm:w1200ex-ms_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-605l:c1:*:*:*:*:*:*:* cpe:2.3:o:aterm:wg1200hs2_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:aterm:wg1900hp2:-:*:*:*:*:*:*:* cpe:2.3:o:aterm:wg1800hp4_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-501_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:aterm:wg1900hp2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:aterm:w300p_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:aterm:wr8165n_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-515_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:aterm:wg1200hp2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dlink:dir-615_firmware:10.01b02:*:*:*:*:*:*:* cpe:2.3:o:aterm:wg1200hs_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:aterm:w300p:-:*:*:*:*:*:*:* cpe:2.3:h:aterm:wg1800hp4:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-515:a1:*:*:*:*:*:*:* cpe:2.3:h:aterm:wg1200hs:-:*:*:*:*:*:*:* cpe:2.3:o:aterm:w1200ex_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:aterm:wg1200hp2:-:*:*:*:*:*:*:* cpe:2.3:h:aterm:wg1200hp:-:*:*:*:*:*:*:* cpe:2.3:h:aterm:wg1200hs2:-:*:*:*:*:*:*:* cpe:2.3:o:aterm:wf800hp_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:aterm:w500p:-:*:*:*:*:*:*:* cpe:2.3:h:aterm:w1200ex:-:*:*:*:*:*:*:* cpe:2.3:h:aterm:w1200ex-ms:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-905l:b1:*:*:*:*:*:*:* cpe:2.3:o:aterm:wg1900hp_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:aterm:wg1900hp:-:*:*:*:*:*:*:* cpe:2.3:h:aterm:wf300hp2:-:*:*:*:*:*:*:* cpe:2.3:o:aterm:wg1200hp3_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:aterm:wg1800hp3_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:aterm:wg1800hp3:-:*:*:*:*:*:*:* cpe:2.3:h:dlink:dir-615:fx:*:*:*:*:*:*:* |
|
| CWE | NVD-CWE-noinfo | |
| References | () http://jvn.jp/en/jp/JVN67456944/index.html - Third Party Advisory | |
| References | () http://www.securityfocus.com/bid/74330 - Broken Link, Third Party Advisory, VDB Entry | |
| References | () https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/ - Third Party Advisory | |
| References | () https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055 - Third Party Advisory |
Information
Published : 2015-05-01 15:59
Updated : 2025-10-22 00:15
NVD link : CVE-2014-8361
Mitre link : CVE-2014-8361
CVE.ORG link : CVE-2014-8361
JSON object : View
Products Affected
- dir-605l
- dir-900l_firmware
- dir-619l
- dir-600l
- dir-809_firmware
- dir-809
- dir-501
- dir-900l
- dir-905l
- dir-600l_firmware
- dir-515
- dir-615
- dir-619l_firmware
- dir-905l_firmware
- dir-515_firmware
- dir-605l_firmware
- dir-615_firmware
- dir-501_firmware
- wg1900hp
- w300p
- wg1800hp3_firmware
- wg1200hp3_firmware
- w1200ex_firmware
- wg1200hp_firmware
- w1200ex
- wg1200hs2_firmware
- wg1200hs2
- wf800hp_firmware
- w1200ex-ms_firmware
- wf300hp2_firmware
- wg1200hp
- wg1900hp_firmware
- wg1200hp2
- wg1900hp2_firmware
- wf300hp2
- w500p_firmware
- wr8165n
- wg1200hp3
- w1200ex-ms
- wg1900hp2
- wr8165n_firmware
- w300p_firmware
- wg1800hp4
- wg1200hs_firmware
- w500p
- wg1800hp3
- wg1800hp4_firmware
- wg1200hs
- wf800hp
- wg1200hp2_firmware
CWE