CVE-2014-8361

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2014-8361
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request.

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055 Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-15-155/ Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/37169/ Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/74330 Third Party Advisory VDB Entry
http://jvn.jp/en/jp/JVN47580234/index.html Third Party Advisory
http://jvn.jp/en/jp/JVN67456944/index.html
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:d-link:dir-905l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:d-link:dir-905l:a1:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:d-link:dir-605l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:d-link:dir-605l_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:d-link:dir-605l:a1:*:*:*:*:*:*:*
cpe:2.3:h:d-link:dir-605l:b1:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:d-link:dir-600l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:d-link:dir-600l_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:d-link:dir-600l:a1:*:*:*:*:*:*:*
cpe:2.3:h:d-link:dir-600l:b1:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:realtek:realtek_sdk:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:d-link:dir-619l_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:d-link:dir-619l_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:d-link:dir-619l:b1:*:*:*:*:*:*:*
cpe:2.3:h:d-link:dir-619l:a1:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:d-link:dir-809_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:d-link:dir-809:a1:*:*:*:*:*:*:*
cpe:2.3:h:d-link:dir-809:a2:*:*:*:*:*:*:*
Information

Published : 2015-05-01 08:59

Updated : 2021-04-09 00:15

NVD link : CVE-2014-8361

Mitre link : CVE-2014-8361

JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa
Products Affected

d-link

  • dir-809
  • dir-905l
  • dir-605l
  • dir-619l_firmware
  • dir-619l
  • dir-809_firmware
  • dir-600l
  • dir-605l_firmware
  • dir-905l_firmware
  • dir-600l_firmware

realtek

  • realtek_sdk