CVE-2014-8361

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2014-8361
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2015-05-01 15:59:00 UTC
Updated2023-09-05 22:15:00 UTC
DescriptionThe miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.

Risk And Classification

EPSS: 0.938930000 probability, percentile 0.998720000 (date 2026-04-01)

CISA KEV: Listed on 2023-09-18; due 2023-10-09; ransomware use Unknown

Problem Types: CWE-20

CISA Known Exploited Vulnerability

VendorRealtek
ProductSDK
NameRealtek SDK Improper Input Validation Vulnerability
Required ActionApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Noteshttps://web.archive.org/web/20150831100501/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055; https://nvd.nist.gov/vuln/detail/CVE-2014-8361

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Hardware D-link Dir-600l a1 All All All
Hardware D-link Dir-600l b1 All All All
Hardware D-link Dir-600l a1 All All All
Hardware D-link Dir-600l b1 All All All
Operating System D-link Dir-600l Firmware All All All All
Operating System D-link Dir-600l Firmware All All All All
Hardware D-link Dir-605l a1 All All All
Hardware D-link Dir-605l b1 All All All
Hardware D-link Dir-605l a1 All All All
Hardware D-link Dir-605l b1 All All All
Operating System D-link Dir-605l Firmware All All All All
Operating System D-link Dir-605l Firmware All All All All
Hardware D-link Dir-619l a1 All All All
Hardware D-link Dir-619l b1 All All All
Hardware D-link Dir-619l a1 All All All
Hardware D-link Dir-619l b1 All All All
Operating System D-link Dir-619l Firmware All All All All
Operating System D-link Dir-619l Firmware All All All All
Hardware D-link Dir-809 a1 All All All
Hardware D-link Dir-809 a2 All All All
Hardware D-link Dir-809 a1 All All All
Hardware D-link Dir-809 a2 All All All
Operating System D-link Dir-809 Firmware All All All All
Hardware D-link Dir-905l a1 All All All
Hardware D-link Dir-905l a1 All All All
Operating System D-link Dir-905l Firmware All All All All
Hardware Dlink Dir-600l a1 All All All
Hardware Dlink Dir-600l b1 All All All
Operating System Dlink Dir-600l Firmware All All All All
Operating System Dlink Dir-600l Firmware All All All All
Hardware Dlink Dir-605l a1 All All All
Hardware Dlink Dir-605l b1 All All All
Operating System Dlink Dir-605l Firmware All All All All
Operating System Dlink Dir-605l Firmware All All All All
Hardware Dlink Dir-619l a1 All All All
Hardware Dlink Dir-619l b1 All All All
Operating System Dlink Dir-619l Firmware All All All All
Operating System Dlink Dir-619l Firmware All All All All
Hardware Dlink Dir-809 a1 All All All
Hardware Dlink Dir-809 a2 All All All
Operating System Dlink Dir-809 Firmware All All All All
Hardware Dlink Dir-905l a1 All All All
Operating System Dlink Dir-905l Firmware All All All All
Application Realtek Realtek Sdk - All All All
Application Realtek Realtek Sdk - All All All

References

ReferenceSourceLinkTags
Realtek rtl81xx SDK CVE-2014-8361 Remote Code Execution Vulnerability BID www.securityfocus.com Third Party Advisory, VDB Entry
D-Link Technical Support MISC web.archive.org
New HinataBot Exploits CVE-2014-8361 in DDoS Attacks MISC sensorstechforum.com
Realtek SDK - Miniigd UPnP SOAP Command Execution (Metasploit) EXPLOIT-DB www.exploit-db.com Third Party Advisory, VDB Entry
D-Link Technical Support CONFIRM securityadvisories.dlink.com Vendor Advisory
Realtek SDK Miniigd UPnP SOAP Command Execution ≈ Packet Storm MISC packetstormsecurity.com Third Party Advisory, VDB Entry
Zero Day Initiative MISC www.zerodayinitiative.com Third Party Advisory, VDB Entry
JVN#67456944: Multiple vulnerabilities in multiple Aterm products JVN jvn.jp
JVN#47580234: Multiple vulnerabilities in multiple ELECOM products JVN jvn.jp Third Party Advisory
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
CISA Known Exploited Vulnerabilities catalog CISA www.cisa.gov kev
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report