CVE-2014-8361

KEV

🔴 Łataj teraz

Usługa SOAP miniigd w Realtek SDK pozwala zdalnym atakującym na wykonanie dowolnego kodu.

CVSS

9.8

EPSS

94.0%

Exploit

weaponized

Vendor

aterm

Opis źródłowy (NVD)

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.

brak Brak patcha

Źródła i daty

Źródło	Wartość
NVD – CVSS	9.8
CISA KEV (aktywnie wykorzystywane)	Tak
FIRST EPSS (prawdopodobieństwo exploita)	94.0%
Opublikowano (NVD)	2015-05-01 15:59:01 UTC
Ostatnia modyfikacja (NVD)	2026-04-22 14:27:40 UTC

Referencje

http://jvn.jp/en/jp/JVN47580234/index.html (cve@mitre.org) [Third Party Advisory]
http://jvn.jp/en/jp/JVN67456944/index.html (cve@mitre.org) [Third Party Advisory]
http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html (cve@mitre.org) [Third Party Advisory, VDB Entry]
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055 (cve@mitre.org) [Vendor Advisory]
http://www.securityfocus.com/bid/74330 (cve@mitre.org) [Broken Link, Third Party Advisory, VDB Entry]
http://www.zerodayinitiative.com/advisories/ZDI-15-155/ (cve@mitre.org) [Third Party Advisory, VDB Entry]
https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/ (cve@mitre.org) [Third Party Advisory]
https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055 (cve@mitre.org) [Third Party Advisory]
https://www.exploit-db.com/exploits/37169/ (cve@mitre.org) [Third Party Advisory, VDB Entry]
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-8361 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]