CVE-2014-8361: Realtek SDK Improper Input Validation Vulnerability
First published: Fri May 01 2015(Updated: )
Realtek SDK contains an improper input validation vulnerability in the miniigd SOAP service that allows remote attackers to execute malicious code via a crafted NewInternalClient request.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Realtek SDK | ||
| D-Link DIR-905L Firmware | <=1.02 | |
| D-Link DIR-905L | =a1 | |
| D-Link DIR-605L Firmware | >=1.00<=1.13 | |
| D-Link DIR-605L Firmware | >=2.00<=2.04 | |
| D-Link DIR-605L | =a1 | |
| D-Link DIR-605L | =b1 | |
| D-Link DIR-600L Firmware | >=1.00<=1.15 | |
| D-Link DIR-600L Firmware | >=2.00<=2.05 | |
| D-Link DIR-600L | =a1 | |
| D-Link DIR-600L | =b1 | |
| Realtek SDK | ||
| D-Link DIR-619L Firmware | >=1.00<=1.15 | |
| D-Link DIR-619L Firmware | >=2.00<=2.03 | |
| dlink DIR-619L firmware | =a1 | |
| dlink DIR-619L firmware | =b1 | |
| D-Link DIR-809 Firmware | >=1.00<=1.02 | |
| dlink DIR-809 firmware | =a1 | |
| dlink DIR-809 firmware | =a2 | |
| All of | ||
| Any of | ||
| D-Link DIR-905L | =a1 | |
| D-Link DIR-905L | =b1 | |
| D-Link DIR-905L Firmware | <=2.05b01 | |
| All of | ||
| D-Link DIR-605L | =a1 | |
| D-Link DIR-605L Firmware | <=1.14b06 | |
| All of | ||
| D-Link DIR-600L | =a1 | |
| D-Link DIR-600L Firmware | <=1.15 | |
| All of | ||
| dlink DIR-619L firmware | =a1 | |
| D-Link DIR-619L Firmware | <=1.15 | |
| All of | ||
| Any of | ||
| dlink DIR-809 firmware | =a1 | |
| dlink DIR-809 firmware | =a2 | |
| D-Link DIR-809 Firmware | <=1.04b02 | |
| All of | ||
| D-Link DIR-605L | =b1 | |
| D-Link DIR-605L Firmware | <=2.07b02 | |
| All of | ||
| D-Link DIR-605L | =c1 | |
| D-Link DIR-605L Firmware | <=3.03b07 | |
| All of | ||
| dlink DIR-619L firmware | =b1 | |
| D-Link DIR-619L Firmware | <=2.07b02 | |
| All of | ||
| D-Link DIR-600L | =b1 | |
| D-Link DIR-600L Firmware | <=2.056b06 | |
| All of | ||
| D-Link DIR-501 Firmware | <=1.01b04 | |
| D-Link DIR-501 Firmware | =a1 | |
| All of | ||
| D-Link DIR-515 Firmware | <=1.01b04 | |
| D-Link DIR-515 | =a1 | |
| All of | ||
| D-Link DIR-615 | =10.01b02 | |
| D-Link DIR-615 | =j1 | |
| All of | ||
| Any of | ||
| D-Link DIR-615 | <=6.06b03 | |
| D-Link DIR-615 | =10.01b02 | |
| D-Link DIR-615 | =fx | |
| All of | ||
| NEC Aterm WG1900HP2 Firmware | <=1.3.1 | |
| Aterm WG1900HP2 | ||
| All of | ||
| NEC Aterm WG1900HP Firmware | <=2.5.1 | |
| NEC Aterm WG1900HP Firmware | ||
| All of | ||
| NEC Aterm WG1800HP4 firmware | <=1.3.1 | |
| Nec Aterm WG1800HP4 | ||
| All of | ||
| NEC Aterm WG1800HP3 firmware | <=1.5.1 | |
| NEC Aterm WG1800HP3 | ||
| All of | ||
| NEC Aterm WG1200HS2 firmware | <=2.5.0 | |
| Aterm WG1200HS2 | ||
| All of | ||
| NEC Aterm WG1200HP3 Firmware | <=1.3.1 | |
| NEC Aterm WG1200HP3 | ||
| All of | ||
| NEC Aterm WG1200HP2 firmware | <=2.5.0 | |
| Aterm WG1200HP2 firmware | ||
| All of | ||
| NEC Aterm W1200EX Firmware | <=1.3.1 | |
| NEC Aterm W1200EX Firmware | ||
| All of | ||
| Aterm W1200EX | <=1.3.1 | |
| Aterm W1200EX-MS Firmware | ||
| All of | ||
| NEC Aterm WG1200HS | ||
| NEC Aterm WG1200HS3 | ||
| All of | ||
| NEC Aterm WG1200HP firmware | ||
| Aterm WG1200HP2 firmware | ||
| All of | ||
| NEC Aterm WF800HP firmware | ||
| Aterm WF800HP Firmware | ||
| All of | ||
| NeC Aterm WF300HP2 Firmware | ||
| NEC Aterm WF300HP2 Firmware | ||
| All of | ||
| NEC Aterm WR8165N firmware | ||
| Aterm | ||
| All of | ||
| NEC Aterm W500P Firmware | ||
| NEC Aterm W500P | ||
| All of | ||
| Nec Aterm W300p Firmware | ||
| Nec Aterm W300p Firmware |
Remedy
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://jvn.jp/en/jp/JVN47580234/index.html
- http://jvn.jp/en/jp/JVN67456944/index.html
- http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html
- http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055
- http://www.securityfocus.com/bid/74330
- http://www.zerodayinitiative.com/advisories/ZDI-15-155/
- https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/
- https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055
- https://www.exploit-db.com/exploits/37169/
- https://www.theregister.com/2024/08/31/ip_cameras_mirai_botnet/
- https://web.archive.org/web/20150831100501/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055;
- https://nvd.nist.gov/vuln/detail/CVE-2014-8361
Frequently Asked Questions
What is the severity of CVE-2014-8361?
CVE-2014-8361 is a critical vulnerability that allows remote code execution due to improper input validation in the Realtek SDK.
How do I fix CVE-2014-8361?
To fix CVE-2014-8361, update the firmware of affected devices to the latest version provided by the vendor.
Which devices are affected by CVE-2014-8361?
Devices using the Realtek SDK, including various D-Link routers, are affected by CVE-2014-8361.
What types of attacks can exploit CVE-2014-8361?
CVE-2014-8361 can be exploited by remote attackers to execute arbitrary code through a crafted SOAP request.
Is there a workaround for CVE-2014-8361 if I cannot update?
A temporary workaround for CVE-2014-8361 may include disabling the miniigd SOAP service until a patch is applied.
- agent/type
- agent/title
- agent/remedy
- agent/description
- agent/severity
- agent/weakness
- agent/first-publish-date
- collector/the-register
- source/The Register
- alias/CVE-2024-7029
- alias/CVE-2014-8361
- alias/CVE-2017-17215
- alias/CVE-2024-38856
- alias/CVE-2024-7965
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/references
- agent/author
- agent/trending
- agent/source
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- collector/nvd-cve
- vendor/realtek
- canonical/realtek sdk
- vendor/dlink
- canonical/d-link dir-905l firmware
- version/d-link dir-905l firmware/1.02
- canonical/d-link dir-905l
- version/d-link dir-905l/a1
- canonical/d-link dir-605l firmware
- version/d-link dir-605l firmware/1.00
- version/d-link dir-605l firmware/1.13
- version/d-link dir-605l firmware/2.00
- version/d-link dir-605l firmware/2.04
- canonical/d-link dir-605l
- version/d-link dir-605l/a1
- version/d-link dir-605l/b1
- canonical/d-link dir-600l firmware
- version/d-link dir-600l firmware/1.00
- version/d-link dir-600l firmware/1.15
- version/d-link dir-600l firmware/2.00
- version/d-link dir-600l firmware/2.05
- canonical/d-link dir-600l
- version/d-link dir-600l/a1
- version/d-link dir-600l/b1
- canonical/d-link dir-619l firmware
- version/d-link dir-619l firmware/1.00
- version/d-link dir-619l firmware/1.15
- version/d-link dir-619l firmware/2.00
- version/d-link dir-619l firmware/2.03
- canonical/dlink dir-619l firmware
- version/dlink dir-619l firmware/a1
- version/dlink dir-619l firmware/b1
- canonical/d-link dir-809 firmware
- version/d-link dir-809 firmware/1.00
- version/d-link dir-809 firmware/1.02
- canonical/dlink dir-809 firmware
- version/dlink dir-809 firmware/a1
- version/dlink dir-809 firmware/a2
- version/d-link dir-905l/b1
- version/d-link dir-905l firmware/2.05b01
- version/d-link dir-605l firmware/1.14b06
- version/d-link dir-809 firmware/1.04b02
- version/d-link dir-605l firmware/2.07b02
- version/d-link dir-605l/c1
- version/d-link dir-605l firmware/3.03b07
- version/d-link dir-619l firmware/2.07b02
- version/d-link dir-600l firmware/2.056b06
- canonical/d-link dir-501 firmware
- version/d-link dir-501 firmware/1.01b04
- version/d-link dir-501 firmware/a1
- canonical/d-link dir-515 firmware
- version/d-link dir-515 firmware/1.01b04
- canonical/d-link dir-515
- version/d-link dir-515/a1
- canonical/d-link dir-615
- version/d-link dir-615/10.01b02
- version/d-link dir-615/j1
- version/d-link dir-615/6.06b03
- version/d-link dir-615/fx
- vendor/aterm
- canonical/nec aterm wg1900hp2 firmware
- version/nec aterm wg1900hp2 firmware/1.3.1
- canonical/aterm wg1900hp2
- canonical/nec aterm wg1900hp firmware
- version/nec aterm wg1900hp firmware/2.5.1
- canonical/nec aterm wg1800hp4 firmware
- version/nec aterm wg1800hp4 firmware/1.3.1
- canonical/nec aterm wg1800hp4
- canonical/nec aterm wg1800hp3 firmware
- version/nec aterm wg1800hp3 firmware/1.5.1
- canonical/nec aterm wg1800hp3
- canonical/nec aterm wg1200hs2 firmware
- version/nec aterm wg1200hs2 firmware/2.5.0
- canonical/aterm wg1200hs2
- canonical/nec aterm wg1200hp3 firmware
- version/nec aterm wg1200hp3 firmware/1.3.1
- canonical/nec aterm wg1200hp3
- canonical/nec aterm wg1200hp2 firmware
- version/nec aterm wg1200hp2 firmware/2.5.0
- canonical/aterm wg1200hp2 firmware
- canonical/nec aterm w1200ex firmware
- version/nec aterm w1200ex firmware/1.3.1
- canonical/aterm w1200ex
- version/aterm w1200ex/1.3.1
- canonical/aterm w1200ex-ms firmware
- canonical/nec aterm wg1200hs
- canonical/nec aterm wg1200hs3
- canonical/nec aterm wg1200hp firmware
- canonical/nec aterm wf800hp firmware
- canonical/aterm wf800hp firmware
- canonical/nec aterm wf300hp2 firmware
- canonical/nec aterm wr8165n firmware
- canonical/aterm
- canonical/nec aterm w500p firmware
- canonical/nec aterm w500p
- canonical/nec aterm w300p firmware