Vulnerabilities > CVE-2014-8361
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.
Vulnerable Configurations
Exploit-Db
description | Realtek SDK Miniigd UPnP SOAP Command Execution. CVE-2014-8361. Remote exploit for linux platform |
file | exploits/linux/remote/37169.rb |
id | EDB-ID:37169 |
last seen | 2016-02-04 |
modified | 2015-06-01 |
platform | linux |
port | 52869 |
published | 2015-06-01 |
reporter | metasploit |
source | https://www.exploit-db.com/download/37169/ |
title | Realtek SDK Miniigd UPnP SOAP Command Execution |
type | remote |
Metasploit
description Different devices using the Realtek SDK with the miniigd daemon are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This module has been tested successfully on a Trendnet TEW-731BR router with emulation. id MSF:EXPLOIT/LINUX/HTTP/REALTEK_MINIIGD_UPNP_EXEC_NOAUTH last seen 2020-06-03 modified 2017-07-24 published 2015-05-03 references reporter Rapid7 source https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/http/realtek_miniigd_upnp_exec_noauth.rb title Realtek SDK Miniigd UPnP SOAP Command Execution description Different D-Link Routers are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This module has been tested on DIR-865 and DIR-645 devices. id MSF:EXPLOIT/LINUX/HTTP/DLINK_UPNP_EXEC_NOAUTH last seen 2020-06-08 modified 2018-07-12 published 2013-07-14 references reporter Rapid7 source https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/http/dlink_upnp_exec_noauth.rb title D-Link Devices UPnP SOAP Command Execution
Nessus
NASL family | Misc. |
NASL id | REALTEK_CVE_2014_8361.NASL |
description | According to its banner, the Realtek Software Development Kit is running on the remote device. It is, therefore, affected by a flaw in the miniigd SOAP service due to a failure to properly sanitize user input when handling NewInternalClient requests. An unauthenticated, remote attacker, using a crafted request, can exploit this to execute arbitrary code with root level privileges. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 83185 |
published | 2015-05-01 |
reporter | This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/83185 |
title | Realtek SDK miniigd SOAP Service RCE |
code |
|
Packetstorm
data source | https://packetstormsecurity.com/files/download/132090/realtek_miniigd_upnp_exec_noauth.rb.txt |
id | PACKETSTORM:132090 |
last seen | 2016-12-05 |
published | 2015-05-29 |
reporter | Michael Messner |
source | https://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html |
title | Realtek SDK Miniigd UPnP SOAP Command Execution |
References
- http://jvn.jp/en/jp/JVN47580234/index.html
- http://jvn.jp/en/jp/JVN47580234/index.html
- http://jvn.jp/en/jp/JVN67456944/index.html
- http://jvn.jp/en/jp/JVN67456944/index.html
- http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html
- http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html
- http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055
- http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055
- http://www.securityfocus.com/bid/74330
- http://www.securityfocus.com/bid/74330
- http://www.zerodayinitiative.com/advisories/ZDI-15-155/
- http://www.zerodayinitiative.com/advisories/ZDI-15-155/
- https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/
- https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/
- https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055
- https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055
- https://www.exploit-db.com/exploits/37169/
- https://www.exploit-db.com/exploits/37169/