CVE-2014-8361
published 2015-05-01CVE-2014-8361: The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2023-10-09
Exploited in the wild
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aterm | w1200ex-ms_firmware | <= 1.3.1 | — |
| aterm | w1200ex_firmware | <= 1.3.1 | — |
| aterm | wg1200hp2_firmware | <= 2.5.0 | — |
| aterm | wg1200hp3_firmware | <= 1.3.1 | — |
| aterm | wg1200hs2_firmware | <= 2.5.0 | — |
| aterm | wg1800hp3_firmware | <= 1.5.1 | — |
| aterm | wg1800hp4_firmware | <= 1.3.1 | — |
| aterm | wg1900hp2_firmware | <= 1.3.1 | — |
| aterm | wg1900hp_firmware | <= 2.5.1 | — |
| dlink | dir-501_firmware | <= 1.01b04 | — |
| dlink | dir-515_firmware | <= 1.01b04 | — |
| dlink | dir-600l_firmware | <= 1.15 | — |
| dlink | dir-600l_firmware | <= 2.056b06 | — |
| dlink | dir-605l_firmware | <= 1.14b06 | — |
| dlink | dir-605l_firmware | <= 2.07b02 | — |
| dlink | dir-605l_firmware | <= 3.03b07 | — |
| dlink | dir-615_firmware | <= 6.06b03 | — |
| dlink | dir-615_firmware | — | — |
| dlink | dir-619l_firmware | <= 1.15 | — |
| dlink | dir-619l_firmware | <= 2.07b02 | — |
| dlink | dir-809_firmware | <= 1.04b02 | — |
| dlink | dir-900l_firmware | < 1.15b01 | 1.15b01 |
| dlink | dir-905l_firmware | <= 2.05b01 | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck9.8CRITICAL
cisa9.8CRITICAL