Critical severity9.8CISA KEVNVD Advisory· Published May 1, 2015· Updated Apr 22, 2026

CVE-2014-8361

Description

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.

Affected products

Realtek/Realtek Sdk
cpe:2.3:a:realtek:realtek_sdk:-:*:*:*:*:*:*:*
Aterm/W1200ex Firmware
cpe:2.3:o:aterm:w1200ex_firmware:*:*:*:*:*:*:*:*
Range: <=1.3.1
Aterm/W1200ex Ms Firmware
cpe:2.3:o:aterm:w1200ex-ms_firmware:*:*:*:*:*:*:*:*
Range: <=1.3.1
Aterm/W300p Firmware
cpe:2.3:o:aterm:w300p_firmware:*:*:*:*:*:*:*:*
Aterm/W500p Firmware
cpe:2.3:o:aterm:w500p_firmware:*:*:*:*:*:*:*:*
Aterm/Wf300hp2 Firmware
cpe:2.3:o:aterm:wf300hp2_firmware:*:*:*:*:*:*:*:*
Aterm/Wf800hp Firmware
cpe:2.3:o:aterm:wf800hp_firmware:*:*:*:*:*:*:*:*
Aterm/Wg1200hp2 Firmware
cpe:2.3:o:aterm:wg1200hp2_firmware:*:*:*:*:*:*:*:*
Range: <=2.5.0
Aterm/Wg1200hp3 Firmware
cpe:2.3:o:aterm:wg1200hp3_firmware:*:*:*:*:*:*:*:*
Range: <=1.3.1
Aterm/Wg1200hp Firmware
cpe:2.3:o:aterm:wg1200hp_firmware:*:*:*:*:*:*:*:*
Aterm/Wg1200hs2 Firmware
cpe:2.3:o:aterm:wg1200hs2_firmware:*:*:*:*:*:*:*:*
Range: <=2.5.0
Aterm/Wg1200hs Firmware
cpe:2.3:o:aterm:wg1200hs_firmware:*:*:*:*:*:*:*:*
Aterm/Wg1800hp3 Firmware
cpe:2.3:o:aterm:wg1800hp3_firmware:*:*:*:*:*:*:*:*
Range: <=1.5.1
Aterm/Wg1800hp4 Firmware
cpe:2.3:o:aterm:wg1800hp4_firmware:*:*:*:*:*:*:*:*
Range: <=1.3.1
Aterm/Wg1900hp2 Firmware
cpe:2.3:o:aterm:wg1900hp2_firmware:*:*:*:*:*:*:*:*
Range: <=1.3.1
Aterm/Wg1900hp Firmware
cpe:2.3:o:aterm:wg1900hp_firmware:*:*:*:*:*:*:*:*
Range: <=2.5.1
Aterm/Wr8165n Firmware
cpe:2.3:o:aterm:wr8165n_firmware:*:*:*:*:*:*:*:*
Dlink/Dir 501 Firmware
cpe:2.3:o:dlink:dir-501_firmware:*:*:*:*:*:*:*:*
Range: <=1.01b04
Dlink/Dir 515 Firmware
cpe:2.3:o:dlink:dir-515_firmware:*:*:*:*:*:*:*:*
Range: <=1.01b04
Dlink/Dir 600l Firmware
cpe:2.3:o:dlink:dir-600l_firmware:*:*:*:*:*:*:*:*
Range: <=1.15
Dlink/Dir 605l Firmware
cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:*
Range: <=1.14b06
Dlink/Dir 615 Firmware2 versions
cpe:2.3:o:dlink:dir-615_firmware:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:dlink:dir-615_firmware:*:*:*:*:*:*:*:*range: <=6.06b03
- cpe:2.3:o:dlink:dir-615_firmware:10.01b02:*:*:*:*:*:*:*
Dlink/Dir 619l Firmware
cpe:2.3:o:dlink:dir-619l_firmware:*:*:*:*:*:*:*:*
Range: <=1.15
Dlink/Dir 809 Firmware
cpe:2.3:o:dlink:dir-809_firmware:*:*:*:*:*:*:*:*
Range: <=1.04b02
Dlink/Dir 900l Firmware
cpe:2.3:o:dlink:dir-900l_firmware:*:*:*:*:*:*:*:*
Range: <1.15b01
Dlink/Dir 905l Firmware
cpe:2.3:o:dlink:dir-905l_firmware:*:*:*:*:*:*:*:*
Range: <=2.05b01

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

jvn.jp/en/jp/JVN47580234/index.htmlnvdThird Party Advisory
jvn.jp/en/jp/JVN67456944/index.htmlnvdThird Party Advisory
packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.htmlnvdThird Party AdvisoryVDB Entry
securityadvisories.dlink.com/security/publication.aspxnvdVendor Advisory
www.securityfocus.com/bid/74330nvdBroken LinkThird Party AdvisoryVDB Entry
www.zerodayinitiative.com/advisories/ZDI-15-155/nvdThird Party AdvisoryVDB Entry
sensorstechforum.com/hinatabot-cve-2014-8361-ddos/nvdThird Party Advisory
web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspxnvdThird Party Advisory
www.exploit-db.com/exploits/37169/nvdThird Party AdvisoryVDB Entry
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.075
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000