CVE-2014-8361

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.

CVSS v3.0 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://jvn.jp/en/jp/JVN47580234/index.html	Third Party Advisory
http://jvn.jp/en/jp/JVN47580234/index.html	Third Party Advisory
http://jvn.jp/en/jp/JVN67456944/index.html	Third Party Advisory
http://jvn.jp/en/jp/JVN67456944/index.html	Third Party Advisory
http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html	Third Party Advisory VDB Entry
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055	Vendor Advisory
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055	Vendor Advisory
http://www.securityfocus.com/bid/74330	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/74330	Broken Link Third Party Advisory VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-15-155/	Third Party Advisory VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-15-155/	Third Party Advisory VDB Entry
https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/	Third Party Advisory
https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/	Third Party Advisory
https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055	Third Party Advisory
https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055	Third Party Advisory
https://www.exploit-db.com/exploits/37169/	Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/37169/	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:dlink:dir-905l_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:dlink:dir-905l:a1:::::::*
	cpe:2.3:h:dlink:dir-905l:b1:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-605l:a1:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:dlink:dir-600l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-600l:a1:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:dlink:dir-619l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-619l:a1:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:dlink:dir-619l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-619l:b1:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-605l:b1:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-605l:c1:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:dlink:dir-600l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-600l:b1:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:dlink:dir-809_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:dlink:dir-809:a1:::::::*
	cpe:2.3:h:dlink:dir-809:a2:::::::*

Configuration 10 (hide)

AND

cpe:2.3:o:dlink:dir-900l_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-900l:a1:*:*:*:*:*:*:*

Configuration 11 (hide)

cpe:2.3:a:realtek:realtek_sdk:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:dlink:dir-501_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-501:a1:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:dlink:dir-515_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-515:a1:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:dlink:dir-615_firmware:10.01b02:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-615:j1:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:dlink:dir-615_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dlink:dir-615:fx:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:aterm:wg1900hp2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aterm:wg1900hp2:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:aterm:wg1900hp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aterm:wg1900hp:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:aterm:wg1800hp4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aterm:wg1800hp4:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:aterm:wg1800hp3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aterm:wg1800hp3:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:aterm:wg1200hs2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aterm:wg1200hs2:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:aterm:wg1200hp3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aterm:wg1200hp3:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:aterm:wg1200hp2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aterm:wg1200hp2:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:aterm:w1200ex_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aterm:w1200ex:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:aterm:w1200ex-ms_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aterm:w1200ex-ms:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:aterm:wg1200hs_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aterm:wg1200hs:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:aterm:wg1200hp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aterm:wg1200hp:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:aterm:wf800hp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aterm:wf800hp:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:aterm:wf300hp2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aterm:wf300hp2:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:aterm:wr8165n_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aterm:wr8165n:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:aterm:w500p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aterm:w500p:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND

cpe:2.3:o:aterm:w300p_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:aterm:w300p:-:*:*:*:*:*:*:*

History

26 Mar 2025, 19:37

Type	Values Removed	Values Added
CPE		cpe:2.3:h:dlink:dir-900l:a1:::::::* cpe:2.3:o:dlink:dir-900l_firmware::::::::
First Time		Dlink dir-900l Firmware Dlink dir-900l

20 Dec 2024, 03:42

Type	Values Removed	Values Added
References	~~(JVN) http://jvn.jp/en/jp/JVN47580234/index.html - Third Party Advisory~~	() http://jvn.jp/en/jp/JVN47580234/index.html - Third Party Advisory
References	~~(MISC) http://www.zerodayinitiative.com/advisories/ZDI-15-155/ - Third Party Advisory, VDB Entry~~	() http://www.zerodayinitiative.com/advisories/ZDI-15-155/ - Third Party Advisory, VDB Entry
References	~~(MISC) https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/ - Third Party Advisory~~	() https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/ - Third Party Advisory
References	~~(CONFIRM) http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055 - Vendor Advisory~~	() http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055 - Vendor Advisory
References	~~(BID) http://www.securityfocus.com/bid/74330 - Broken Link, Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/74330 - Broken Link, Third Party Advisory, VDB Entry
References	~~(JVN) http://jvn.jp/en/jp/JVN67456944/index.html - Third Party Advisory~~	() http://jvn.jp/en/jp/JVN67456944/index.html - Third Party Advisory
References	~~(MISC) https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055 - Third Party Advisory~~	() https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055 - Third Party Advisory
References	~~(EXPLOIT-DB) https://www.exploit-db.com/exploits/37169/ - Third Party Advisory, VDB Entry~~	() https://www.exploit-db.com/exploits/37169/ - Third Party Advisory, VDB Entry
References	~~(MISC) http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html - Third Party Advisory, VDB Entry~~	() http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html - Third Party Advisory, VDB Entry

27 Jun 2024, 18:35

Type	Values Removed	Values Added
CWE	~~CWE-20~~	NVD-CWE-noinfo
CVSS	v2 : ~~10.0~~ v3 : ~~unknown~~	v2 : 10.0 v3 : 9.8
References		(MISC) https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/ - Third Party Advisory (MISC) https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055 - Third Party Advisory
References	~~(JVN) http://jvn.jp/en/jp/JVN67456944/index.html -~~	(JVN) http://jvn.jp/en/jp/JVN67456944/index.html - Third Party Advisory
References	~~(BID) http://www.securityfocus.com/bid/74330 - Third Party Advisory, VDB Entry~~	(BID) http://www.securityfocus.com/bid/74330 - Broken Link, Third Party Advisory, VDB Entry
CPE		cpe:2.3:o:dlink:dir-615_firmware:::::::: cpe:2.3:h:dlink:dir-615:j1:::::::* cpe:2.3:h:aterm:wr8165n:-:::::::* cpe:2.3:h:dlink:dir-605l:c1:::::::* cpe:2.3:o:aterm:wg1800hp3_firmware:::::::: cpe:2.3:o:aterm:wg1200hp2_firmware:::::::: cpe:2.3:h:aterm:wg1800hp4:-:::::::* cpe:2.3:h:aterm:w500p:-:::::::* cpe:2.3:h:aterm:wg1200hp2:-:::::::* cpe:2.3:h:aterm:wg1900hp2:-:::::::* cpe:2.3:o:dlink:dir-515_firmware:::::::: cpe:2.3:h:aterm:w1200ex-ms:-:::::::* cpe:2.3:o:aterm:wr8165n_firmware:::::::: cpe:2.3:h:dlink:dir-905l:b1:::::::* cpe:2.3:o:aterm:wg1200hs_firmware:::::::: cpe:2.3:o:aterm:wg1900hp_firmware:::::::: cpe:2.3:h:aterm:wf300hp2:-:::::::* cpe:2.3:h:dlink:dir-501:a1:::::::* cpe:2.3:h:aterm:wg1200hs2:-:::::::* cpe:2.3:h:aterm:wg1900hp:-:::::::* cpe:2.3:o:aterm:wg1800hp4_firmware:::::::: cpe:2.3:o:aterm:w1200ex-ms_firmware:::::::: cpe:2.3:o:aterm:wg1200hp_firmware:::::::: cpe:2.3:h:aterm:wf800hp:-:::::::* cpe:2.3:o:aterm:w1200ex_firmware:::::::: cpe:2.3:h:aterm:wg1200hp3:-:::::::* cpe:2.3:h:dlink:dir-615:fx:::::::* cpe:2.3:h:aterm:wg1200hs:-:::::::* cpe:2.3:h:aterm:wg1200hp:-:::::::* cpe:2.3:o:aterm:w500p_firmware:::::::: cpe:2.3:o:aterm:wf800hp_firmware:::::::: cpe:2.3:o:aterm:wg1200hs2_firmware:::::::: cpe:2.3:o:aterm:w300p_firmware:::::::: cpe:2.3:o:aterm:wf300hp2_firmware:::::::: cpe:2.3:o:dlink:dir-501_firmware:::::::: cpe:2.3:h:dlink:dir-515:a1:::::::* cpe:2.3:h:aterm:w300p:-:::::::* cpe:2.3:o:dlink:dir-615_firmware:10.01b02:::::::* cpe:2.3:h:aterm:w1200ex:-:::::::* cpe:2.3:o:aterm:wg1900hp2_firmware:::::::: cpe:2.3:o:aterm:wg1200hp3_firmware:::::::: cpe:2.3:h:aterm:wg1800hp3:-:::::::*
First Time		Aterm wg1200hs Aterm wg1900hp2 Firmware Dlink dir-515 Firmware Aterm wf300hp2 Aterm w1200ex Aterm w1200ex-ms Firmware Aterm w500p Aterm wg1200hp2 Firmware Aterm w300p Dlink dir-615 Firmware Aterm w500p Firmware Aterm w1200ex Firmware Dlink dir-501 Firmware Aterm wg1800hp3 Aterm w300p Firmware Aterm wg1900hp2 Aterm wg1800hp4 Firmware Aterm wg1200hs2 Dlink dir-515 Aterm wg1200hp Firmware Dlink dir-501 Aterm wg1900hp Firmware Dlink dir-615 Aterm wg1200hp3 Firmware Aterm wg1200hp Aterm wg1200hp3 Aterm wf800hp Aterm wr8165n Aterm w1200ex-ms Aterm wg1800hp3 Firmware Aterm Aterm wr8165n Firmware Aterm wf800hp Firmware Aterm wg1800hp4 Aterm wg1200hs2 Firmware Aterm wg1200hp2 Aterm wg1200hs Firmware Aterm wg1900hp Aterm wf300hp2 Firmware
Summary	~~The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request.~~	The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.

26 Apr 2023, 19:27

Type	Values Removed	Values Added
First Time		Dlink dir-809 Firmware Dlink dir-605l Dlink dir-600l Firmware Dlink dir-905l Dlink dir-905l Firmware Dlink dir-605l Firmware Dlink dir-619l Dlink dir-809 Dlink dir-600l Dlink Dlink dir-619l Firmware
CPE	cpe:2.3:o:d-link:dir-605l_firmware:::::::: cpe:2.3:o:d-link:dir-809_firmware:::::::: cpe:2.3:h:d-link:dir-905l:a1:::::::* cpe:2.3:h:d-link:dir-605l:b1:::::::* cpe:2.3:h:d-link:dir-809:a2:::::::* cpe:2.3:o:d-link:dir-905l_firmware:::::::: cpe:2.3:h:d-link:dir-605l:a1:::::::* cpe:2.3:h:d-link:dir-809:a1:::::::* cpe:2.3:h:d-link:dir-619l:a1:::::::* cpe:2.3:o:d-link:dir-619l_firmware:::::::: cpe:2.3:h:d-link:dir-600l:a1:::::::* cpe:2.3:h:d-link:dir-600l:b1:::::::* cpe:2.3:o:d-link:dir-600l_firmware:::::::: cpe:2.3:h:d-link:dir-619l:b1:::::::*	cpe:2.3:o:dlink:dir-600l_firmware:::::::: cpe:2.3:o:dlink:dir-809_firmware:::::::: cpe:2.3:h:dlink:dir-600l:a1:::::::* cpe:2.3:h:dlink:dir-905l:a1:::::::* cpe:2.3:h:dlink:dir-619l:b1:::::::* cpe:2.3:h:dlink:dir-809:a2:::::::* cpe:2.3:o:dlink:dir-605l_firmware:::::::: cpe:2.3:h:dlink:dir-605l:a1:::::::* cpe:2.3:h:dlink:dir-600l:b1:::::::* cpe:2.3:h:dlink:dir-605l:b1:::::::* cpe:2.3:o:dlink:dir-619l_firmware:::::::: cpe:2.3:h:dlink:dir-619l:a1:::::::* cpe:2.3:h:dlink:dir-809:a1:::::::* cpe:2.3:o:dlink:dir-905l_firmware::::::::

Information

Published : 2015-05-01 15:59

Updated : 2025-03-26 19:37

NVD link : CVE-2014-8361

Mitre link : CVE-2014-8361

JSON object : View

Products Affected

aterm

wg1200hp2_firmware
wf800hp
wg1900hp
wg1800hp4_firmware
wg1200hs_firmware
wg1200hp3
wg1800hp3_firmware
wg1200hp_firmware
wf800hp_firmware
w300p
wg1900hp2_firmware
w500p_firmware
w1200ex_firmware
w500p
wg1900hp2
wf300hp2
wr8165n_firmware
w1200ex
w300p_firmware
w1200ex-ms
wg1200hs
wg1900hp_firmware
wg1800hp3
wr8165n
wg1200hs2_firmware
wg1200hp
wg1200hs2
wg1200hp3_firmware
wg1200hp2
w1200ex-ms_firmware
wf300hp2_firmware
wg1800hp4

dlink

dir-615
dir-501
dir-600l_firmware
dir-615_firmware
dir-900l
dir-515_firmware
dir-605l_firmware
dir-619l
dir-600l
dir-905l_firmware
dir-809
dir-809_firmware
dir-501_firmware
dir-515
dir-905l
dir-619l_firmware
dir-900l_firmware
dir-605l

realtek

realtek_sdk

CWE

NVD-CWE-noinfo

9.8 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2014-8361

9.8^/10

10.0^/10

Attach tags to `CVE-2014-8361`