Lucene search

[email protected]NVD:CVE-2014-8361

HistoryMay 01, 2015 - 3:59 p.m.

CVE-2014-8361

2015-05-0115:59:01

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

Low

0.969 High

EPSS

Percentile

99.7%

JSON

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.

Affected configurations

NVD

Node

dlinkdir-905lMatcha1

dlinkdir-905lMatchb1

AND

dlinkdir-905l_firmwareRange≤2.05b01

Node

dlinkdir-605lMatcha1

AND

dlinkdir-605l_firmwareRange≤1.14b06

Node

dlinkdir-600lMatcha1

AND

dlinkdir-600l_firmwareRange≤1.15

Node

realtekrealtek_sdkMatch-

Node

dlinkdir-619lMatcha1

AND

dlinkdir-619l_firmwareRange≤1.15

Node

dlinkdir-809Matcha1

dlinkdir-809Matcha2

AND

dlinkdir-809_firmwareRange≤1.04b02

Node

dlinkdir-605lMatchb1

AND

dlinkdir-605l_firmwareRange≤2.07b02

Node

dlinkdir-605lMatchc1

AND

dlinkdir-605l_firmwareRange≤3.03b07

Node

dlinkdir-619lMatchb1

AND

dlinkdir-619l_firmwareRange≤2.07b02

Node

dlinkdir-600lMatchb1

AND

dlinkdir-600l_firmwareRange≤2.056b06

Node

dlinkdir-501_firmwareRange≤1.01b04

AND

dlinkdir-501Matcha1

Node

dlinkdir-515_firmwareRange≤1.01b04

AND

dlinkdir-515Matcha1

Node

dlinkdir-615_firmwareMatch10.01b02

AND

dlinkdir-615Matchj1

Node

dlinkdir-615_firmwareRange≤6.06b03

dlinkdir-615_firmwareMatch10.01b02

AND

dlinkdir-615Matchfx

Node

atermwg1900hp2_firmwareRange≤1.3.1

AND

atermwg1900hp2Match-

Node

atermwg1900hp_firmwareRange≤2.5.1

AND

atermwg1900hpMatch-

Node

atermwg1800hp4_firmwareRange≤1.3.1

AND

atermwg1800hp4Match-

Node

atermwg1800hp3_firmwareRange≤1.5.1

AND

atermwg1800hp3Match-

Node

atermwg1200hs2_firmwareRange≤2.5.0

AND

atermwg1200hs2Match-

Node

atermwg1200hp3_firmwareRange≤1.3.1

AND

atermwg1200hp3Match-

Node

atermwg1200hp2_firmwareRange≤2.5.0

AND

atermwg1200hp2Match-

Node

atermw1200ex_firmwareRange≤1.3.1

AND

atermw1200exMatch-

Node

atermw1200ex-ms_firmwareRange≤1.3.1

AND

atermw1200ex-msMatch-

Node

atermwg1200hs_firmware

AND

atermwg1200hsMatch-

Node

atermwg1200hp_firmware

AND

atermwg1200hpMatch-

Node

atermwf800hp_firmware

AND

atermwf800hpMatch-

Node

atermwf300hp2_firmware

AND

atermwf300hp2Match-

Node

atermwr8165n_firmware

AND

atermwr8165nMatch-

Node

atermw500p_firmware

AND

atermw500pMatch-

Node

atermw300p_firmware

AND

atermw300pMatch-

References

jvn.jp/en/jp/JVN47580234/index.html

jvn.jp/en/jp/JVN67456944/index.html

packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html

securityadvisories.dlink.com/security/publication.aspx?name=SAP10055

www.securityfocus.com/bid/74330

www.zerodayinitiative.com/advisories/ZDI-15-155/

sensorstechforum.com/hinatabot-cve-2014-8361-ddos/

web.archive.org/web/20150909230440/securityadvisories.dlink.com/security/publication.aspx?name=SAP10055

www.exploit-db.com/exploits/37169/

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

Low

0.969 High

EPSS

Percentile

99.7%

JSON

Related for NVD:CVE-2014-8361

packetstorm1 nessus1 zdi1 prion1 jvn3 threatpost9 cvelist1 zdt1 f51 checkpoint_advisories1 attackerkb1 cisa_kev1 cve1 securelist2 thn3 myhack581 mssecure1 mmpc1