CVE-2014-8361

CRITICAL KEV

Realtek SDK - Remote Code Execution

Title source: llm

Exploitation Summary

CVE-2014-8361 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added September 18, 2023. EIP tracks 3 public exploits from researchers including Metasploit, Ricky, Lawshae, including a Metasploit module exploits/linux/http/realtek_miniigd_upnp_exec_noauth.

AI-analyzed exploit summary This Metasploit module exploits a blind OS command injection vulnerability in the Realtek SDK's miniigd UPnP SOAP interface. It targets devices using the vulnerable SDK, such as the Trendnet TEW-731BR router, by injecting commands into the SOAP request parameters.

Description

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotelinux

https://www.exploit-db.com/exploits/37169

View Code ZIP pw:eip

This Metasploit module exploits a blind OS command injection vulnerability in the Realtek SDK's miniigd UPnP SOAP interface. It targets devices using the vulnerable SDK, such as the Trendnet TEW-731BR router, by injecting commands into the SOAP request parameters.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Realtek SDK miniigd daemon (UPnP SOAP interface)

No auth needed

Prerequisites: Network access to the vulnerable device's UPnP SOAP interface (port 52869 by default) · Device running Realtek SDK with vulnerable miniigd daemon

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by Ricky, Lawshae · rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/realtek_miniigd_upnp_exec_noauth.rb

View Code ZIP pw:eip

This Metasploit module exploits a blind OS command injection vulnerability in the Realtek SDK's miniigd UPnP SOAP interface. It targets devices using the vulnerable SDK, allowing remote command execution without authentication.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Realtek SDK miniigd daemon (UPnP SOAP interface)

No auth needed

Prerequisites: Network access to the vulnerable device's UPnP SOAP interface (port 52869) · Device running Realtek SDK with vulnerable miniigd daemon

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/dlink_upnp_exec_noauth.rb

View Code ZIP pw:eip

This Metasploit module exploits a blind OS command injection vulnerability in D-Link routers via the UPnP SOAP interface. It targets the 'NewInternalClient' field in the 'AddPortMapping' SOAP action to execute arbitrary commands without authentication.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: D-Link DIR-865, DIR-645 (and potentially other models)

No auth needed

Prerequisites: Network access to the UPnP SOAP interface (port 49152 by default) · Vulnerable D-Link device

MITRE ATT&CK