Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiRicky "HeadlessZeke" LawshaeZDI-15-155
HistoryApr 24, 2015 - 12:00 a.m.

(0Day) Realtek SDK miniigd AddPortMapping SOAP Action Command Injection Remote Code Execution Vulnerability

2015-04-2400:00:00
Ricky "HeadlessZeke" Lawshae
www.zerodayinitiative.com
55

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.969 High

EPSS

Percentile

99.7%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Realtek SDK. Authentication is not required to exploit this vulnerability. The specific flaw exists within the miniigd SOAP service. The issue lies in the handling of the NewInternalClient requests due to a failure to sanitize user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges.

Related

nessus 1
prion 1
packetstorm 1
threatpost 9
jvn 3
checkpoint_advisories 1
f5 1
attackerkb 1
cve 1
zdt 1
cisa_kev 1
thn 3
securelist 2
myhack58 1
mssecure 1
mmpc 1
nessus
nessus
Realtek SDK miniigd SOAP Service RCE
2015-05-01 00:00:00
prion
prion
Design/Logic Flaw
2015-05-01 15:59:00
packetstorm
packetstorm
Realtek SDK Miniigd UPnP SOAP Command Execution
2015-05-29 00:00:00
threatpost
threatpost
Routers Vulnerable to Critical Remote Code Execution Vulnerability
2015-04-30 14:07:04
Keksec Cybergang Debuts Simps Botnet for Gaming DDoS
2021-05-19 16:53:32
Code Used in Zero Day Huawei Router Attack Made Public
2017-12-28 14:01:00
jvn
jvn
JVN#74871939: WSR-300HP vulnerable to arbitrary code execution
2017-08-08 00:00:00
JVN#67456944: Multiple vulnerabilities in multiple Aterm products
2021-04-09 00:00:00
JVN#47580234: Multiple vulnerabilities in multiple ELECOM products
2021-01-26 00:00:00
checkpoint_advisories
checkpoint_advisories
Realtek SDK Miniigd AddPortMapping SOAP Action Command Injection (CVE-2014-8361)
2016-09-20 00:00:00
f5
f5
K57390658 : miniigd SOAP service in Realtek SDK vulnerability CVE-2014-8361
2018-01-18 00:00:00
attackerkb
attackerkb
CVE-2014-8361
2015-05-01 00:00:00
cve
cve
CVE-2014-8361
2015-05-01 15:59:00
zdt
zdt
Realtek SDK Miniigd UPnP SOAP Command Execution Exploit
2015-06-02 00:00:00
cisa_kev
cisa_kev
Realtek SDK Improper Input Validation Vulnerability
2023-09-18 00:00:00
thn
thn
New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks
2023-03-17 12:07:00
New Mirai Variant and ZHtrap Botnet Malware Emerge in the Wild
2021-03-16 10:32:00
Trend Micro Releases Urgent Fix for Actively Exploited Critical Security Vulnerability
2023-09-20 05:28:00
securelist
securelist
Threat Landscape for Industrial Automation Systems in H2 2017
2018-03-26 10:00:27
New trends in the world of IoT threats
2018-09-18 10:00:36
myhack58
myhack58
Next from the printer coming out will be?-- The theory of the UPnP using the status quo and risk-vulnerability warning-the black bar safety net
2019-03-29 00:00:00
mssecure
mssecure
Microsoft research uncovers new Zerobot capabilities
2022-12-21 20:00:00
mmpc
mmpc
Microsoft research uncovers new Zerobot capabilities
2022-12-21 20:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.969 High

EPSS

Percentile

99.7%

JSON
Related for ZDI-15-155
nessus1prion1packetstorm1threatpost9jvn3checkpoint_advisories1f51attackerkb1cve1zdt1cisa_kev1thn3securelist2myhack581mssecure1mmpc1