CVE-2014-8361
Realtek SDK Improper Input Validation Vulnerability
CVSS 9.8 · CRITICAL
⚠ CISA KEV — ACTIVELY EXPLOITED
On the CISA KEV catalog
Confirmed exploited in the wild. Added 2023-09-18.
Federal remediation due 2023-10-09.
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Summary
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.
CVSS 3.1 breakdown
| Metric | Value |
| --- | --- |
| Base score | 9.8 (CRITICAL) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Affected products
- Dlink dir-905l firmware
- Dlink dir-905l
- Dlink dir-605l firmware
- Dlink dir-605l
- Dlink dir-600l firmware
- Dlink dir-600l
- Dlink dir-619l firmware
- Dlink dir-619l
- Dlink dir-809 firmware
- Dlink dir-809
- Dlink dir-900l firmware
- Dlink dir-900l
- Realtek realtek sdk
- Dlink dir-501 firmware
- Dlink dir-501
- Dlink dir-515 firmware
- Dlink dir-515
- Dlink dir-615 firmware
- Dlink dir-615
- Aterm wg1900hp2 firmware
References
- http://jvn.jp/en/jp/JVN47580234/index.html
- http://jvn.jp/en/jp/JVN67456944/index.html
- http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html
- http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055
- http://www.securityfocus.com/bid/74330
- http://www.zerodayinitiative.com/advisories/ZDI-15-155/
- https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/
- https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055
- https://www.exploit-db.com/exploits/37169/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-8361
Data: NIST NVD + CISA KEV. NVD last modified 2026-04-22. Always verify against the vendor advisory before acting.