CVE-2014-8361: Realtek SDK Improper Input Validation Vulnerability
First published: Fri May 01 2015(Updated: )
Realtek SDK contains an improper input validation vulnerability in the miniigd SOAP service that allows remote attackers to execute malicious code via a crafted NewInternalClient request.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dlink Dir-905l Firmware | <=1.02 | |
| Dlink Dir-905l | =a1 | |
| Dlink Dir-605l Firmware | >=1.00<=1.13 | |
| Dlink Dir-605l Firmware | >=2.00<=2.04 | |
| Dlink Dir-605l | =a1 | |
| Dlink Dir-605l | =b1 | |
| Dlink Dir-600l Firmware | >=1.00<=1.15 | |
| Dlink Dir-600l Firmware | >=2.00<=2.05 | |
| Dlink Dir-600l | =a1 | |
| Dlink Dir-600l | =b1 | |
| Realtek Realtek Sdk | ||
| Dlink Dir-619l Firmware | >=1.00<=1.15 | |
| Dlink Dir-619l Firmware | >=2.00<=2.03 | |
| Dlink Dir-619l | =a1 | |
| Dlink Dir-619l | =b1 | |
| Dlink Dir-809 Firmware | >=1.00<=1.02 | |
| Dlink Dir-809 | =a1 | |
| Dlink Dir-809 | =a2 | |
| All of | ||
| Any of | ||
| Dlink Dir-905l | =a1 | |
| Dlink Dir-905l | =b1 | |
| Dlink Dir-905l Firmware | <=2.05b01 | |
| All of | ||
| Dlink Dir-605l | =a1 | |
| Dlink Dir-605l Firmware | <=1.14b06 | |
| All of | ||
| Dlink Dir-600l | =a1 | |
| Dlink Dir-600l Firmware | <=1.15 | |
| All of | ||
| Dlink Dir-619l | =a1 | |
| Dlink Dir-619l Firmware | <=1.15 | |
| All of | ||
| Any of | ||
| Dlink Dir-809 | =a1 | |
| Dlink Dir-809 | =a2 | |
| Dlink Dir-809 Firmware | <=1.04b02 | |
| All of | ||
| Dlink Dir-605l | =b1 | |
| Dlink Dir-605l Firmware | <=2.07b02 | |
| All of | ||
| Dlink Dir-605l | =c1 | |
| Dlink Dir-605l Firmware | <=3.03b07 | |
| All of | ||
| Dlink Dir-619l | =b1 | |
| Dlink Dir-619l Firmware | <=2.07b02 | |
| All of | ||
| Dlink Dir-600l | =b1 | |
| Dlink Dir-600l Firmware | <=2.056b06 | |
| All of | ||
| Dlink Dir-501 Firmware | <=1.01b04 | |
| Dlink Dir-501 | =a1 | |
| All of | ||
| Dlink Dir-515 Firmware | <=1.01b04 | |
| Dlink Dir-515 | =a1 | |
| All of | ||
| Dlink Dir-615 Firmware | =10.01b02 | |
| Dlink Dir-615 | =j1 | |
| All of | ||
| Any of | ||
| Dlink Dir-615 Firmware | <=6.06b03 | |
| Dlink Dir-615 Firmware | =10.01b02 | |
| Dlink Dir-615 | =fx | |
| All of | ||
| Aterm Wg1900hp2 Firmware | <=1.3.1 | |
| Aterm Wg1900hp2 | ||
| All of | ||
| Aterm Wg1900hp Firmware | <=2.5.1 | |
| Aterm Wg1900hp | ||
| All of | ||
| Aterm Wg1800hp4 Firmware | <=1.3.1 | |
| Aterm Wg1800hp4 | ||
| All of | ||
| Aterm Wg1800hp3 Firmware | <=1.5.1 | |
| Aterm Wg1800hp3 | ||
| All of | ||
| Aterm Wg1200hs2 Firmware | <=2.5.0 | |
| Aterm Wg1200hs2 | ||
| All of | ||
| Aterm Wg1200hp3 Firmware | <=1.3.1 | |
| Aterm Wg1200hp3 | ||
| All of | ||
| Aterm Wg1200hp2 Firmware | <=2.5.0 | |
| Aterm Wg1200hp2 | ||
| All of | ||
| Aterm W1200ex Firmware | <=1.3.1 | |
| Aterm W1200ex | ||
| All of | ||
| Aterm W1200ex-ms Firmware | <=1.3.1 | |
| Aterm W1200ex-ms | ||
| All of | ||
| Aterm Wg1200hs Firmware | ||
| Aterm Wg1200hs | ||
| All of | ||
| Aterm Wg1200hp Firmware | ||
| Aterm Wg1200hp | ||
| All of | ||
| Aterm Wf800hp Firmware | ||
| Aterm WF800HP | ||
| All of | ||
| Aterm Wf300hp2 Firmware | ||
| Aterm Wf300hp2 | ||
| All of | ||
| Aterm Wr8165n Firmware | ||
| Aterm Wr8165n | ||
| All of | ||
| Aterm W500p Firmware | ||
| Aterm W500p | ||
| All of | ||
| Aterm W300p Firmware | ||
| Aterm W300p | ||
Remedy
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://jvn.jp/en/jp/JVN47580234/index.html
- http://jvn.jp/en/jp/JVN67456944/index.html
- http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html
- http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055
- http://www.securityfocus.com/bid/74330
- http://www.zerodayinitiative.com/advisories/ZDI-15-155/
- https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/
- https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055
- https://www.exploit-db.com/exploits/37169/
- https://www.theregister.com/2024/08/31/ip_cameras_mirai_botnet/
- https://web.archive.org/web/20150831100501/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055;
- https://nvd.nist.gov/vuln/detail/CVE-2014-8361
- collector/nvd-index
- agent/author
- agent/type
- agent/title
- agent/remedy
- agent/description
- agent/severity
- agent/weakness
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- collector/the-register
- source/The Register
- alias/CVE-2024-7029
- alias/CVE-2014-8361
- alias/CVE-2017-17215
- alias/CVE-2024-38856
- alias/CVE-2024-7965
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/references
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-cve
- vendor/dlink
- canonical/dlink dir-905l firmware
- version/dlink dir-905l firmware/1.02
- canonical/dlink dir-905l
- version/dlink dir-905l/a1
- canonical/dlink dir-605l firmware
- version/dlink dir-605l firmware/1.00
- version/dlink dir-605l firmware/1.13
- version/dlink dir-605l firmware/2.00
- version/dlink dir-605l firmware/2.04
- canonical/dlink dir-605l
- version/dlink dir-605l/a1
- version/dlink dir-605l/b1
- canonical/dlink dir-600l firmware
- version/dlink dir-600l firmware/1.00
- version/dlink dir-600l firmware/1.15
- version/dlink dir-600l firmware/2.00
- version/dlink dir-600l firmware/2.05
- canonical/dlink dir-600l
- version/dlink dir-600l/a1
- version/dlink dir-600l/b1
- vendor/realtek
- canonical/realtek realtek sdk
- canonical/dlink dir-619l firmware
- version/dlink dir-619l firmware/1.00
- version/dlink dir-619l firmware/1.15
- version/dlink dir-619l firmware/2.00
- version/dlink dir-619l firmware/2.03
- canonical/dlink dir-619l
- version/dlink dir-619l/a1
- version/dlink dir-619l/b1
- canonical/dlink dir-809 firmware
- version/dlink dir-809 firmware/1.00
- version/dlink dir-809 firmware/1.02
- canonical/dlink dir-809
- version/dlink dir-809/a1
- version/dlink dir-809/a2
- version/dlink dir-905l/b1
- version/dlink dir-905l firmware/2.05b01
- version/dlink dir-605l firmware/1.14b06
- version/dlink dir-809 firmware/1.04b02
- version/dlink dir-605l firmware/2.07b02
- version/dlink dir-605l/c1
- version/dlink dir-605l firmware/3.03b07
- version/dlink dir-619l firmware/2.07b02
- version/dlink dir-600l firmware/2.056b06
- canonical/dlink dir-501 firmware
- version/dlink dir-501 firmware/1.01b04
- canonical/dlink dir-501
- version/dlink dir-501/a1
- canonical/dlink dir-515 firmware
- version/dlink dir-515 firmware/1.01b04
- canonical/dlink dir-515
- version/dlink dir-515/a1
- canonical/dlink dir-615 firmware
- version/dlink dir-615 firmware/10.01b02
- canonical/dlink dir-615
- version/dlink dir-615/j1
- version/dlink dir-615 firmware/6.06b03
- version/dlink dir-615/fx
- vendor/aterm
- canonical/aterm wg1900hp2 firmware
- version/aterm wg1900hp2 firmware/1.3.1
- canonical/aterm wg1900hp2
- canonical/aterm wg1900hp firmware
- version/aterm wg1900hp firmware/2.5.1
- canonical/aterm wg1900hp
- canonical/aterm wg1800hp4 firmware
- version/aterm wg1800hp4 firmware/1.3.1
- canonical/aterm wg1800hp4
- canonical/aterm wg1800hp3 firmware
- version/aterm wg1800hp3 firmware/1.5.1
- canonical/aterm wg1800hp3
- canonical/aterm wg1200hs2 firmware
- version/aterm wg1200hs2 firmware/2.5.0
- canonical/aterm wg1200hs2
- canonical/aterm wg1200hp3 firmware
- version/aterm wg1200hp3 firmware/1.3.1
- canonical/aterm wg1200hp3
- canonical/aterm wg1200hp2 firmware
- version/aterm wg1200hp2 firmware/2.5.0
- canonical/aterm wg1200hp2
- canonical/aterm w1200ex firmware
- version/aterm w1200ex firmware/1.3.1
- canonical/aterm w1200ex
- canonical/aterm w1200ex-ms firmware
- version/aterm w1200ex-ms firmware/1.3.1
- canonical/aterm w1200ex-ms
- canonical/aterm wg1200hs firmware
- canonical/aterm wg1200hs
- canonical/aterm wg1200hp firmware
- canonical/aterm wg1200hp
- canonical/aterm wf800hp firmware
- canonical/aterm wf800hp
- canonical/aterm wf300hp2 firmware
- canonical/aterm wf300hp2
- canonical/aterm wr8165n firmware
- canonical/aterm wr8165n
- canonical/aterm w500p firmware
- canonical/aterm w500p
- canonical/aterm w300p firmware
- canonical/aterm w300p
- canonical/realtek sdk