Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
threatpostChris BrookTHREATPOST:B768158F88D25034EC975AA313B9339C
HistoryApr 30, 2015 - 2:07 p.m.

Routers Vulnerable to Critical Remote Code Execution Vulnerability

2015-04-3014:07:04
Chris Brook
threatpost.com
29

0.971 High

EPSS

Percentile

99.7%

JSON

A zero day vulnerability in popular household routers from D-Link and Trendnet could be exploited by attackers to run arbitrary code on devices.

The flaw, which can be exploited without authentication, is present in version 1.3 of Realtek’s SDK, which figures into some brands of routers, according to by HP’s Zero Day Initiative who disclosed the vulnerability last Friday.

“The specific flaw exists within the miniigd SOAP service,” reads the advisory, “The issue lies in the handling of the NewInternalClient requests due to a failure to sanitize user data before executing a service call. An attacker could leverage this vulnerability to execute code with root privileges.”

Ricky “Headless Zeke” Lawshae, a security researcher for DV Labs at HP’s Tipping Point reported the vulnerability (CVE-2014-8361) to HP’s ZDI in August 2014. Lawshae initially identified the vulnerabilities in routers from Trendnet and D-link, but acknowledged on Twitter over the weekend that anything using the miniigd binary from Realtek’s SDK could be vulnerable.

> Remember that 0day I mentioned a loooong time ago? The advisory just went up.
>
> — HeadlessZeke (@HeadlessZeke) April 24, 2015

> Unauth remote root via the WAN port on a huge number of SOHO routers using the RealTek chipset SDK <http://t.co/tVWqJuvNl3&gt;
>
> — HeadlessZeke (@HeadlessZeke) April 24, 2015

ZDI reached out to the vendor four times from August to October last year without hearing back and decided to go public with the vulnerability last week.

To mitigate the vulnerability, ZDI is instructing users to restrict Realtek SDK’s interaction to trusted machines. Using either firewalls or whitelisting, users should only grant “clients and servers that have a legitimate procedural relationship” with the SDK the ability to access it.

Router companies have had an extraordinarily tough go of it on the security front this year. D-Link in particular has been forced to patch a handful of vulnerabilities in its home routers that gave attackers root access and enabled DNS hijacking throughout February and March.

Related

prion 1
nessus 1
zdi 1
packetstorm 1
jvn 3
checkpoint_advisories 1
zdt 1
f5 1
threatpost 8
cisa_kev 1
attackerkb 1
cve 1
thn 3
securelist 2
myhack58 1
mmpc 1
mssecure 1
prion
prion
Design/Logic Flaw
2015-05-01 15:59:00
nessus
nessus
Realtek SDK miniigd SOAP Service RCE
2015-05-01 00:00:00
zdi
zdi
(0Day) Realtek SDK miniigd AddPortMapping SOAP Action Command Injection Remote Code Execution Vulnerability
2015-04-24 00:00:00
packetstorm
packetstorm
Realtek SDK Miniigd UPnP SOAP Command Execution
2015-05-29 00:00:00
jvn
jvn
JVN#74871939: WSR-300HP vulnerable to arbitrary code execution
2017-08-08 00:00:00
JVN#67456944: Multiple vulnerabilities in multiple Aterm products
2021-04-09 00:00:00
JVN#47580234: Multiple vulnerabilities in multiple ELECOM products
2021-01-26 00:00:00
checkpoint_advisories
checkpoint_advisories
Realtek SDK Miniigd AddPortMapping SOAP Action Command Injection (CVE-2014-8361)
2016-09-20 00:00:00
zdt
zdt
Realtek SDK Miniigd UPnP SOAP Command Execution Exploit
2015-06-02 00:00:00
f5
f5
K57390658 : miniigd SOAP service in Realtek SDK vulnerability CVE-2014-8361
2018-01-18 00:00:00
threatpost
threatpost
Keksec Cybergang Debuts Simps Botnet for Gaming DDoS
2021-05-19 16:53:32
Code Used in Zero Day Huawei Router Attack Made Public
2017-12-28 14:01:00
New Mirai Samples Grow the Number of Processor Targets
2019-04-08 20:40:56
cisa_kev
cisa_kev
Realtek SDK Improper Input Validation Vulnerability
2023-09-18 00:00:00
attackerkb
attackerkb
CVE-2014-8361
2015-05-01 00:00:00
cve
cve
CVE-2014-8361
2015-05-01 15:59:00
thn
thn
New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks
2023-03-17 12:07:00
New Mirai Variant and ZHtrap Botnet Malware Emerge in the Wild
2021-03-16 10:32:00
Trend Micro Releases Urgent Fix for Actively Exploited Critical Security Vulnerability
2023-09-20 05:28:00
securelist
securelist
Threat Landscape for Industrial Automation Systems in H2 2017
2018-03-26 10:00:27
New trends in the world of IoT threats
2018-09-18 10:00:36
myhack58
myhack58
Next from the printer coming out will be?-- The theory of the UPnP using the status quo and risk-vulnerability warning-the black bar safety net
2019-03-29 00:00:00
mmpc
mmpc
Microsoft research uncovers new Zerobot capabilities
2022-12-21 20:00:00
mssecure
mssecure
Microsoft research uncovers new Zerobot capabilities
2022-12-21 20:00:00

0.971 High

EPSS

Percentile

99.7%

JSON
Related for THREATPOST:B768158F88D25034EC975AA313B9339C
prion1nessus1zdi1packetstorm1jvn3checkpoint_advisories1zdt1f51threatpost8cisa_kev1attackerkb1cve1thn3securelist2myhack581mmpc1mssecure1