CVE-2014-8361

CRITICAL KEV

Realtek SDK - RCE

Description

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · linux
https://www.exploit-db.com/exploits/37169
metasploit WORKING POC NORMAL
by Ricky, Lawshae · ruby · poc · linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/realtek_miniigd_upnp_exec_noauth.rb
metasploit WORKING POC NORMAL
ruby · poc · linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/dlink_upnp_exec_noauth.rb

Scores

CVSS v3 9.8
EPSS 0.9399
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2023-09-18
VulnCheck KEV 2015-05-01
InTheWild.io 2022-12-22
ENISA EUVD EUVD-2014-8198
Status published
Products (27)
aterm/w1200ex_firmware < 1.3.1
aterm/w1200ex-ms_firmware < 1.3.1
aterm/w300p_firmware
aterm/w500p_firmware
aterm/wf300hp2_firmware
aterm/wf800hp_firmware
aterm/wg1200hp2_firmware < 2.5.0
aterm/wg1200hp3_firmware < 1.3.1
aterm/wg1200hp_firmware
aterm/wg1200hs2_firmware < 2.5.0
... and 17 more
Published May 01, 2015
KEV Added Sep 18, 2023
Tracked Since Feb 18, 2026