CVE-2014-8361
Published: 01 May 2015
Summary
CVE-2014-8361 is a critical-severity an unspecified weakness vulnerability in Dlink Dir-605L Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 0.1% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).
Deeper analysis
The miniigd SOAP service in Realtek SDK is affected by CVE-2014-8361, a remote code execution vulnerability that can be triggered by sending a crafted NewInternalClient request to the service. The flaw carries a CVSS 3.1 base score of 9.8, reflecting network-accessible attack vectors that require no authentication or user interaction and result in complete compromise of confidentiality, integrity, and availability.
Remote attackers can exploit the issue over the network to execute arbitrary code on affected devices. Public records indicate the vulnerability has been exploited in the wild through at least 2023.
Multiple vendor and third-party advisories, including D-Link SAP10055 and Japan Vulnerability Notes JVN47580234 and JVN67456944, document the issue along with related exploit artifacts published on Packet Storm and SecurityFocus.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2014-8198
Vulnerability details
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.
- CWE(s)
- KEV Date Added
- 18 September 2023
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly blocks the crafted NewInternalClient SOAP request that triggers arbitrary code execution in the miniigd service.
Restricts network-accessible exposure of the unauthenticated miniigd SOAP service, eliminating the remote attack vector.
Disables or removes the unnecessary miniigd SOAP service entirely, preventing exploitation of the vulnerable Realtek SDK component.