CVE-2014-8361

Warnung

EPSS 94.03%
Veröffentlicht 01.05.2015 15:59:01
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 0 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dlink ≫ Dir-905l Firmware Version <= 2.05b01

Dlink ≫ Dir-905l Versiona1
Dlink ≫ Dir-905l Versionb1

Dlink ≫ Dir-605l Firmware Version <= 1.14b06

Dlink ≫ Dir-605l Versiona1

Dlink ≫ Dir-600l Firmware Version <= 1.15

Dlink ≫ Dir-600l Versiona1

Dlink ≫ Dir-619l Firmware Version <= 1.15

Dlink ≫ Dir-619l Versiona1

Dlink ≫ Dir-619l Firmware Version <= 2.07b02

Dlink ≫ Dir-619l Versionb1

Dlink ≫ Dir-605l Firmware Version <= 2.07b02

Dlink ≫ Dir-605l Versionb1

Dlink ≫ Dir-605l Firmware Version <= 3.03b07

Dlink ≫ Dir-605l Versionc1

Dlink ≫ Dir-600l Firmware Version <= 2.056b06

Dlink ≫ Dir-600l Versionb1

Dlink ≫ Dir-809 Firmware Version <= 1.04b02

Dlink ≫ Dir-809 Versiona1
Dlink ≫ Dir-809 Versiona2

Dlink ≫ Dir-900l Firmware Version < 1.15b01

Dlink ≫ Dir-900l Versiona1

Realtek ≫ Realtek Sdk Version-

Dlink ≫ Dir-501 Firmware Version <= 1.01b04

Dlink ≫ Dir-501 Versiona1

Dlink ≫ Dir-515 Firmware Version <= 1.01b04

Dlink ≫ Dir-515 Versiona1

Dlink ≫ Dir-615 Firmware Version10.01b02

Dlink ≫ Dir-615 Versionj1

Dlink ≫ Dir-615 Firmware Version <= 6.06b03

Dlink ≫ Dir-615 Versionfx

Aterm ≫ Wg1900hp2 Firmware Version <= 1.3.1

Aterm ≫ Wg1900hp2 Version-

Aterm ≫ Wg1900hp Firmware Version <= 2.5.1

Aterm ≫ Wg1900hp Version-

Aterm ≫ Wg1800hp4 Firmware Version <= 1.3.1

Aterm ≫ Wg1800hp4 Version-

Aterm ≫ Wg1800hp3 Firmware Version <= 1.5.1

Aterm ≫ Wg1800hp3 Version-

Aterm ≫ Wg1200hs2 Firmware Version <= 2.5.0

Aterm ≫ Wg1200hs2 Version-

Aterm ≫ Wg1200hp3 Firmware Version <= 1.3.1

Aterm ≫ Wg1200hp3 Version-

Aterm ≫ Wg1200hp2 Firmware Version <= 2.5.0

Aterm ≫ Wg1200hp2 Version-

Aterm ≫ W1200ex Firmware Version <= 1.3.1

Aterm ≫ W1200ex Version-

Aterm ≫ W1200ex-ms Firmware Version <= 1.3.1

Aterm ≫ W1200ex-ms Version-

Aterm ≫ Wg1200hs Firmware

Aterm ≫ Wg1200hs Version-

Aterm ≫ Wg1200hp Firmware

Aterm ≫ Wg1200hp Version-

Aterm ≫ Wf800hp Firmware

Aterm ≫ Wf800hp Version-

Aterm ≫ Wf300hp2 Firmware

Aterm ≫ Wf300hp2 Version-

Aterm ≫ Wr8165n Firmware

Aterm ≫ Wr8165n Version-

Aterm ≫ W500p Firmware

Aterm ≫ W500p Version-

Aterm ≫ W300p Firmware

Aterm ≫ W300p Version-

18.09.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

Realtek SDK Improper Input Validation Vulnerability

Schwachstelle

Realtek SDK contains an improper input validation vulnerability in the miniigd SOAP service that allows remote attackers to execute malicious code via a crafted NewInternalClient request.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	94.03%	0.999

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H