cvelistv5 - cve-2014-8361

cve-2014-8361

Vulnerability from cvelistv5

Published

2015-05-01 00:00

Modified

2024-08-06 13:18

Severity ?

Summary

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.

References

URL	Tags
cve@mitre.org	http://jvn.jp/en/jp/JVN47580234/index.html	Third Party Advisory
cve@mitre.org	http://jvn.jp/en/jp/JVN67456944/index.html	Third Party Advisory
cve@mitre.org	http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html	Third Party Advisory, VDB Entry
cve@mitre.org	http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/74330	Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.zerodayinitiative.com/advisories/ZDI-15-155/	Third Party Advisory, VDB Entry
cve@mitre.org	https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/	Third Party Advisory
cve@mitre.org	https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055	Third Party Advisory
cve@mitre.org	https://www.exploit-db.com/exploits/37169/	Third Party Advisory, VDB Entry

Impacted products

▼	Vendor	Product
	n/a	n/a

CISA Known exploited vulnerability

Data from the Known Exploited Vulnerabilities Catalog

Date added: 2023-09-18

Due date: 2023-10-09

Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Used in ransomware: Unknown

Notes: https://web.archive.org/web/20150831100501/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055; https://nvd.nist.gov/vuln/detail/CVE-2014-8361

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:18:47.756Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-155/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html"
          },
          {
            "name": "74330",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74330"
          },
          {
            "name": "37169",
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/37169/"
          },
          {
            "name": "JVN#47580234",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN47580234/index.html"
          },
          {
            "name": "JVN#67456944",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN67456944/index.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-05T21:35:13.232467",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-155/"
        },
        {
          "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055"
        },
        {
          "url": "http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html"
        },
        {
          "name": "74330",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/74330"
        },
        {
          "name": "37169",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/37169/"
        },
        {
          "name": "JVN#47580234",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://jvn.jp/en/jp/JVN47580234/index.html"
        },
        {
          "name": "JVN#67456944",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://jvn.jp/en/jp/JVN67456944/index.html"
        },
        {
          "url": "https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/"
        },
        {
          "url": "https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-8361",
    "datePublished": "2015-05-01T00:00:00",
    "dateReserved": "2014-10-20T00:00:00",
    "dateUpdated": "2024-08-06T13:18:47.756Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2014-8361",
      "cwes": "[\"CWE-20\"]",
      "dateAdded": "2023-09-18",
      "dueDate": "2023-10-09",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://web.archive.org/web/20150831100501/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055; https://nvd.nist.gov/vuln/detail/CVE-2014-8361",
      "product": "SDK",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Realtek SDK contains an improper input validation vulnerability in the miniigd SOAP service that allows remote attackers to execute malicious code via a crafted NewInternalClient request.",
      "vendorProject": "Realtek",
      "vulnerabilityName": "Realtek SDK Improper Input Validation Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-8361\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-05-01T15:59:01.287\",\"lastModified\":\"2024-06-27T18:35:21.117\",\"vulnStatus\":\"Analyzed\",\"cisaExploitAdd\":\"2023-09-18\",\"cisaActionDue\":\"2023-10-09\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Realtek SDK Improper Input Validation Vulnerability\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.\"},{\"lang\":\"es\",\"value\":\"El servicio miniigd SOAP en Realtek SDK permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud NewInternalClient manipulada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":10.0},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dir-905l:a1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F50CC55A-1EA1-4096-8489-1CE1E991B305\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dir-905l:b1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21EDEA1E-6F3C-4E92-A732-270D1E086576\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dir-905l_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.05b01\",\"matchCriteriaId\":\"05CB91FD-6322-48FB-8CCE-3E7DDB622063\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dir-605l:a1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA9038E9-8519-4DC7-8843-74ADB3527A3F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.14b06\",\"matchCriteriaId\":\"01D15D52-C442-4ABE-917C-A50908082089\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dir-600l:a1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F75E7D9C-03BE-4301-AF9E-9929C33F4EEA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dir-600l_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.15\",\"matchCriteriaId\":\"90962768-A07F-4A1E-9500-F743FD1ECA96\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:realtek:realtek_sdk:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62471288-17B2-4FCA-A673-CC4B24FB6262\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dir-619l:a1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3271958C-23CD-4937-A21A-905A18ECA736\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dir-619l_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.15\",\"matchCriteriaId\":\"22544CBE-CE28-4E13-99CD-9855A76F8EDF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dir-809:a1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"184F3169-C4BE-4ABF-AFED-B8D39522092F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dir-809:a2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CE2F27F-A180-4459-8D73-5544568BB53D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dir-809_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.04b02\",\"matchCriteriaId\":\"4CCC25F5-5E8A-4164-84D8-DDC0D3519E2B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dir-605l:b1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B1FC91F-1B77-406F-ADB5-98B07866601E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.07b02\",\"matchCriteriaId\":\"89CE2A47-DC82-49A7-874E-C9533E153ECF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dir-605l:c1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DD38B14-B291-423A-912C-B1BB2070A9C9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.03b07\",\"matchCriteriaId\":\"7B8247C1-8A71-4004-8ECE-1984335D697D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dir-619l:b1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F28B093-482C-4105-A89D-8B1F1FFD59E9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dir-619l_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.07b02\",\"matchCriteriaId\":\"2FCD4837-81DE-4C00-AC6C-0E7D6036E1D6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dir-600l:b1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6966FB89-8C98-4FA3-B4CA-21CAD495A830\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dir-600l_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.056b06\",\"matchCriteriaId\":\"C66EAA7D-A420-4CBF-AD01-754983012129\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dir-501_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.01b04\",\"matchCriteriaId\":\"1C1339C5-FD81-4885-AF24-A05BC1A3B02A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dir-501:a1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A8C6464-A044-4C0B-8ADB-C2F61C3009E5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dir-515_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.01b04\",\"matchCriteriaId\":\"5FA66695-A646-4AB9-B128-A3D87C4C8284\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dir-515:a1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"037A3A92-EC1C-41AC-A93A-7319E8E98240\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dir-615_firmware:10.01b02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17FD57FF-A596-4151-860C-3F0486CD85F4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dir-615:j1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30B14CF6-4239-4BAB-ABA0-284AFDA2C9E8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dir-615_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.06b03\",\"matchCriteriaId\":\"F41E73AD-5615-4084-AC4E-516A934303CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dlink:dir-615_firmware:10.01b02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17FD57FF-A596-4151-860C-3F0486CD85F4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:dlink:dir-615:fx:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63134C26-FEA9-4EF5-97D9-FEDA14B34516\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:aterm:wg1900hp2_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.3.1\",\"matchCriteriaId\":\"A05F11D3-7701-4152-9937-04D7134B4FE6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:aterm:wg1900hp2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E007A9B5-74FE-4230-9E3E-ACEA89FCABA8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:aterm:wg1900hp_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.1\",\"matchCriteriaId\":\"D0DD2168-9BE3-49E8-952D-4775911C04D6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:aterm:wg1900hp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70FC2B64-D47F-42DF-B9B4-7FB07F98A150\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:aterm:wg1800hp4_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.3.1\",\"matchCriteriaId\":\"BCE7372C-DB92-419F-877C-CCE0DC3EBD6C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:aterm:wg1800hp4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9BB5205-0D2E-43AF-B228-9C728B404EA3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:aterm:wg1800hp3_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.5.1\",\"matchCriteriaId\":\"DBDC178B-2033-47EA-B6CC-99880D5772A2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:aterm:wg1800hp3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD47CE10-EBD2-49A9-9F1A-B77A502AC196\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:aterm:wg1200hs2_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0\",\"matchCriteriaId\":\"424AB1C2-6C52-4416-8983-53D4BCAA0F80\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:aterm:wg1200hs2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC88BDE5-19B4-4EF4-8C14-2DEB8EAD3D91\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:aterm:wg1200hp3_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.3.1\",\"matchCriteriaId\":\"7ED15E56-530C-42A3-B3D3-9F1090C524D5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:aterm:wg1200hp3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F13C13D3-FB31-4E20-A5D4-992D4CF6BBCC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:aterm:wg1200hp2_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.0\",\"matchCriteriaId\":\"F7FDD550-9FDE-4001-933E-51FF4FBDC5AA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:aterm:wg1200hp2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"347DFD5E-56E0-473F-A2B1-E3FD2E99573A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:aterm:w1200ex_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.3.1\",\"matchCriteriaId\":\"88A2A125-9991-459A-99D2-5158B72372BD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:aterm:w1200ex:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6D0D008-E851-4756-87E4-5FA60EE65040\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:aterm:w1200ex-ms_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.3.1\",\"matchCriteriaId\":\"C69CCDC3-BB41-45F2-987D-674FAD937F40\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:aterm:w1200ex-ms:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBD0A960-9FA2-4838-A867-7AC688749771\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:aterm:wg1200hs_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C5C80AB-4775-4D46-9FC7-C341CEAB08A0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:aterm:wg1200hs:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05C494FC-4284-4325-A05C-DDAAF86857F7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:aterm:wg1200hp_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC81201F-93A7-4B54-A7FE-51E4FD12AE54\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:aterm:wg1200hp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E80DDB01-BA42-40E1-91A3-EBFCEC3F8A49\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:aterm:wf800hp_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D83ABC6-AB7F-494C-B386-EB4212F50C55\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:aterm:wf800hp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"141077D2-4439-44AA-9BD1-C60E253B4C6F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:aterm:wf300hp2_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EF09945-D1B9-45FF-87DF-1573DB5F51BC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:aterm:wf300hp2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"514DD5D5-E44F-432E-AE87-25DDA62636AB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:aterm:wr8165n_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08699FDC-5E04-4CF3-9C9A-9231795A6420\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:aterm:wr8165n:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90FC20CF-70E5-4E50-A383-E24CB0987280\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:aterm:w500p_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54E372D5-C699-4ED4-9AB3-326ADC9834BB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:aterm:w500p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9CC1968-0B25-4324-AB07-688B32770220\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:aterm:w300p_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B02F690-7098-4C8C-B453-3EC8C01F0343\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:aterm:w300p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A810B81E-8EE7-4F63-9380-7C68CB33B404\"}]}]}],\"references\":[{\"url\":\"http://jvn.jp/en/jp/JVN47580234/index.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://jvn.jp/en/jp/JVN67456944/index.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/74330\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-15-155/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/37169/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

ghsa-r272-2vh9-q99x

Vulnerability from github

Published

2022-05-13 01:11

Modified

2024-06-27 21:32

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-8361"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-05-01T15:59:00Z",
    "severity": "HIGH"
  },
  "details": "The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request.",
  "id": "GHSA-r272-2vh9-q99x",
  "modified": "2024-06-27T21:32:05Z",
  "published": "2022-05-13T01:11:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8361"
    },
    {
      "type": "WEB",
      "url": "https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/37169"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN47580234/index.html"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN67456944/index.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html"
    },
    {
      "type": "WEB",
      "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/74330"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-155"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2014-8361

Vulnerability from jvndb

Published

2021-04-09 17:16

Modified

2021-04-09 17:16

Severity ?

8.8 (High) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities in multiple Aterm products

Details

Multiple Aterm products provided by NEC Corporation contain multiple vulnerabilities listed below. *Cross-site Scripting (CWE-79) - CVE-2021-20680 *OS command injection via UPnP (CWE-78) - CVE-2014-8361 CVE-2021-20680 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2014-8361 Satoru Nagaoka of Cyber Defense Institute, Inc, Katsuhiko Sato (a.k.a. goroh_kun) and Ryo Kashiro of 00One, Inc. and Rintaro Fujita of Nippon Telegraph and Telephone Corporation reported to IPA that CVE-2014-8361 vulnerability still exists in NEC Corporation products. JPCERT/CC coordinated with the developer.

References

▼	Type	URL
	JVN	https://jvn.jp/en/jp/JVN67456944/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8361
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20680
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-8361
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20680
	OS Command Injection(CWE-78)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	NEC Corporation	Aterm W1200EX-MS firmware
	NEC Corporation	Aterm W1200EX firmware
	NEC Corporation	Aterm W300P firmware
	NEC Corporation	Aterm W500P firmware
	NEC Corporation	Aterm WF300HP2 firmware
	NEC Corporation	Aterm WF800HP firmware
	NEC Corporation	Aterm WG1200HP2 firmware
	NEC Corporation	Aterm WG1200HP3 firmware
	NEC Corporation	Aterm WG1200HP firmware
	NEC Corporation	Aterm WG1200HS2 firmware
	NEC Corporation	Aterm WG1200HS3 firmware
	NEC Corporation	Aterm WG1200HS firmware
	NEC Corporation	Aterm WG1800HP3 firmware
	NEC Corporation	Aterm WG1800HP4 firmware
	NEC Corporation	Aterm WG1900HP2 firmware
	NEC Corporation	Aterm WG1900HP firmware
	NEC Corporation	Aterm WR8165N firmware

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000028.html",
  "dc:date": "2021-04-09T17:16+09:00",
  "dcterms:issued": "2021-04-09T17:16+09:00",
  "dcterms:modified": "2021-04-09T17:16+09:00",
  "description": "Multiple Aterm products provided by NEC Corporation contain multiple vulnerabilities listed below.\r\n\r\n*Cross-site Scripting (CWE-79) - CVE-2021-20680\r\n*OS command injection via UPnP (CWE-78) - CVE-2014-8361\r\n\r\nCVE-2021-20680\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2014-8361\r\nSatoru Nagaoka of Cyber Defense Institute, Inc, Katsuhiko Sato (a.k.a. goroh_kun) and Ryo Kashiro of 00One, Inc. and Rintaro Fujita of Nippon Telegraph and Telephone Corporation reported to IPA that CVE-2014-8361 vulnerability still exists in NEC Corporation products. JPCERT/CC coordinated with the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000028.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:nec:aterm_w1200ex-ms_firmware",
      "@product": "Aterm W1200EX-MS firmware",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_w1200ex_firmware",
      "@product": "Aterm W1200EX firmware",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_w300p_firmware",
      "@product": "Aterm W300P firmware",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_w500p_firmware",
      "@product": "Aterm W500P firmware",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wf300hp2_firmware",
      "@product": "Aterm WF300HP2 firmware",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wf800hp_firmware",
      "@product": "Aterm WF800HP firmware",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wg1200hp2_firmware",
      "@product": "Aterm WG1200HP2 firmware",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wg1200hp3_firmware",
      "@product": "Aterm WG1200HP3 firmware",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wg1200hp_firmware",
      "@product": "Aterm WG1200HP firmware",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wg1200hs2_firmware",
      "@product": "Aterm WG1200HS2 firmware",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wg1200hs3_firmware",
      "@product": "Aterm WG1200HS3 firmware",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wg1200hs_firmware",
      "@product": "Aterm WG1200HS firmware",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wg1800hp3_firmware",
      "@product": "Aterm WG1800HP3 firmware",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wg1800hp4_firmware",
      "@product": "Aterm WG1800HP4 firmware",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wg1900hp2_firmware",
      "@product": "Aterm WG1900HP2 firmware",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wg1900hp_firmware",
      "@product": "Aterm WG1900HP firmware",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wr8165n_firmware",
      "@product": "Aterm WR8165N firmware",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "5.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "8.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2021-000028",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN67456944/index.html",
      "@id": "JVN#67456944",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8361",
      "@id": "CVE-2014-8361",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20680",
      "@id": "CVE-2021-20680",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2014-8361",
      "@id": "CVE-2014-8361",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20680",
      "@id": "CVE-2021-20680",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Multiple vulnerabilities in multiple Aterm products"
}

cve-2014-8361

Vulnerability from jvndb

Published

2017-08-08 18:07

Modified

2024-07-02 17:55

Severity ?

8.8 (High) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

WSR-300HP vulnerable to arbitrary code execution

Details

WSR-300HP provided by BUFFALO INC. contains an arbitrary code execution vulnerability. WSR-300HP provided by BUFFALO INC. is a wireless LAN router. WSR-300HP contains an arbitrary code execution vulnerability.

References

▼	Type	URL
	JVN	http://jvn.jp/en/jp/JVN74871939/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8361
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-8361
	CISA Known Exploited Vulnerabilities Catalog	https://www.cisa.gov/known-exploited-vulnerabilities-catalog
	Code Injection(CWE-94)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	BUFFALO INC.	WSR-300HP

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000194.html",
  "dc:date": "2024-07-02T17:55+09:00",
  "dcterms:issued": "2017-08-08T18:07+09:00",
  "dcterms:modified": "2024-07-02T17:55+09:00",
  "description": "WSR-300HP provided by BUFFALO INC. contains an arbitrary code execution vulnerability.\r\n\r\nWSR-300HP provided by BUFFALO INC. is a wireless LAN router.  WSR-300HP contains an arbitrary code execution vulnerability.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000194.html",
  "sec:cpe": {
    "#text": "cpe:/h:buffalo_inc:wsr-300hp",
    "@product": "WSR-300HP",
    "@vendor": "BUFFALO INC.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "5.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "8.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000194",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN74871939/index.html",
      "@id": "JVN#74871939",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8361",
      "@id": "CVE-2014-8361",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2014-8361",
      "@id": "CVE-2014-8361",
      "@source": "NVD"
    },
    {
      "#text": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
      "@id": "CVE-2014-8361",
      "@source": "CISA Known Exploited Vulnerabilities Catalog"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-94",
      "@title": "Code Injection(CWE-94)"
    }
  ],
  "title": "WSR-300HP vulnerable to arbitrary code execution"
}

cve-2014-8361

Vulnerability from jvndb

Published

2021-01-26 16:33

Modified

2021-01-26 16:33

Severity ?

8.8 (High) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities in multiple ELECOM products

Details

Multiple products provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. *Improper Access Control (CWE-284) - CVE-2021-20643 *Script injection in web setup page (CWE-74) - CVE-2021-20644 *Stored cross-site scripting (CWE-79) - CVE-2021-20645 *Cross-site request forgery (CWE-352) - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 *OS command injection (CWE-78) - CVE-2021-20648 *Improper server certificate verification (CWE-295) - CVE-2021-20649 *OS command injection via UPnP (CWE-78) - CVE-2014-8361 CVE-2021-20643 NAGAKAWA(ISHIBASHI), Tsuyoshi of INSTITUTE of INFORMATION SECURITY Yuasa Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2021-20644 Ryo Sato reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2021-20645, CVE-2021-20646 Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2021-20647, CVE-2021-20648, CVE-2021-20649 Satoru Nagaoka of Cyber Defense Institute, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2021-20650 Yutaka WATANABE reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Satoru Nagaoka of Cyber Defense Institute, Inc. and Daisuke Makita and Yoshiki Mori of National Institude of Information and Communications Technology reported that CVE-2014-8361 vulnerability still exists in ELECOM product to IPA. JPCERT/CC coordinated with the developer.

References

▼	Type	URL
	JVN	https://jvn.jp/en/jp/JVN47580234/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20643
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20644
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20645
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20646
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20647
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20648
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20649
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20650
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8361
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-8361
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20643
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20644
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20645
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20646
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20647
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20648
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20649
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-20650
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Cross-Site Request Forgery(CWE-352)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	OS Command Injection(CWE-78)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	ELECOM CO.,LTD.	LD-PS/U1
	ELECOM CO.,LTD.	NCC-EWF100RMWH2
	ELECOM CO.,LTD.	WRC-1467GHBK-A
	ELECOM CO.,LTD.	WRC-300FEBK-A
	ELECOM CO.,LTD.	WRC-300FEBK-S
	ELECOM CO.,LTD.	WRC-300FEBK firmware
	ELECOM CO.,LTD.	WRC-F300NF firmware

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000008.html",
  "dc:date": "2021-01-26T16:33+09:00",
  "dcterms:issued": "2021-01-26T16:33+09:00",
  "dcterms:modified": "2021-01-26T16:33+09:00",
  "description": "Multiple products provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below.\r\n*Improper Access Control (CWE-284) - CVE-2021-20643\r\n*Script injection in web setup page (CWE-74) - CVE-2021-20644\r\n*Stored cross-site scripting (CWE-79) - CVE-2021-20645\r\n*Cross-site request forgery (CWE-352) - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650\r\n*OS command injection (CWE-78) - CVE-2021-20648\r\n*Improper server certificate verification (CWE-295) - CVE-2021-20649\r\n*OS command injection via UPnP (CWE-78) - CVE-2014-8361\r\n\r\nCVE-2021-20643\r\nNAGAKAWA(ISHIBASHI), Tsuyoshi of INSTITUTE of INFORMATION SECURITY Yuasa Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20644\r\nRyo Sato reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20645, CVE-2021-20646\r\nSatoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20647, CVE-2021-20648, CVE-2021-20649\r\nSatoru Nagaoka of Cyber Defense Institute, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20650\r\nYutaka WATANABE reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nSatoru Nagaoka of Cyber Defense Institute, Inc. and Daisuke Makita and Yoshiki Mori of National Institude of Information and Communications Technology reported that CVE-2014-8361 vulnerability still exists in ELECOM product to IPA. JPCERT/CC coordinated with the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000008.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:elecom:ld-ps%2fu1_firmware",
      "@product": "LD-PS/U1",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:ncc-ewf100rmwh2_firmware",
      "@product": "NCC-EWF100RMWH2",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-1467ghbk-a_firmware",
      "@product": "WRC-1467GHBK-A",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-300febk-a_firmware",
      "@product": "WRC-300FEBK-A",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-300febk-s_firmware",
      "@product": "WRC-300FEBK-S",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-300febk_firmware",
      "@product": "WRC-300FEBK firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:elecom:wrc-f300nf_firmware",
      "@product": "WRC-F300NF firmware",
      "@vendor": "ELECOM CO.,LTD.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "5.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "8.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2021-000008",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN47580234/index.html",
      "@id": "JVN#47580234",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20643",
      "@id": "CVE-2021-20643",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20644",
      "@id": "CVE-2021-20644",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20645",
      "@id": "CVE-2021-20645",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20646",
      "@id": "CVE-2021-20646",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20647",
      "@id": "CVE-2021-20647",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20648",
      "@id": "CVE-2021-20648",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20649",
      "@id": "CVE-2021-20649",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20650",
      "@id": "CVE-2021-20650",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8361",
      "@id": "CVE-2014-8361",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2014-8361",
      "@id": "CVE-2014-8361",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20643",
      "@id": "CVE-2021-20643",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20644",
      "@id": "CVE-2021-20644",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20645",
      "@id": "CVE-2021-20645",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20646",
      "@id": "CVE-2021-20646",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20647",
      "@id": "CVE-2021-20647",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20648",
      "@id": "CVE-2021-20648",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20649",
      "@id": "CVE-2021-20649",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20650",
      "@id": "CVE-2021-20650",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-352",
      "@title": "Cross-Site Request Forgery(CWE-352)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in multiple ELECOM products"
}

gsd-2014-8361

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.

Aliases

CVE-2014-8361

Aliases

CVE-2014-8361

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-8361",
    "description": "The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request.",
    "id": "GSD-2014-8361",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2014-8361"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-8361"
      ],
      "details": "The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.",
      "id": "GSD-2014-8361",
      "modified": "2023-12-13T01:22:49.484750Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2014-8361",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-155/",
            "refsource": "MISC",
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-155/"
          },
          {
            "name": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055",
            "refsource": "CONFIRM",
            "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055"
          },
          {
            "name": "http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html"
          },
          {
            "name": "74330",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/74330"
          },
          {
            "name": "37169",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/37169/"
          },
          {
            "name": "JVN#47580234",
            "refsource": "JVN",
            "url": "http://jvn.jp/en/jp/JVN47580234/index.html"
          },
          {
            "name": "JVN#67456944",
            "refsource": "JVN",
            "url": "http://jvn.jp/en/jp/JVN67456944/index.html"
          },
          {
            "name": "https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/",
            "refsource": "MISC",
            "url": "https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/"
          },
          {
            "name": "https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055",
            "refsource": "MISC",
            "url": "https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-905l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.02",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-905l:a1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.13",
                    "versionStartIncluding": "1.00",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.04",
                    "versionStartIncluding": "2.00",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-605l:a1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-605l:b1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-600l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.15",
                    "versionStartIncluding": "1.00",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-600l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.05",
                    "versionStartIncluding": "2.00",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-600l:a1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-600l:b1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:realtek:realtek_sdk:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-619l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.15",
                    "versionStartIncluding": "1.00",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-619l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.03",
                    "versionStartIncluding": "2.00",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-619l:a1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-619l:b1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-809_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.02",
                    "versionStartIncluding": "1.00",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-809:a1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-809:a2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-8361"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-155/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-155/"
            },
            {
              "name": "37169",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/37169/"
            },
            {
              "name": "http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html"
            },
            {
              "name": "74330",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/74330"
            },
            {
              "name": "JVN#47580234",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://jvn.jp/en/jp/JVN47580234/index.html"
            },
            {
              "name": "JVN#67456944",
              "refsource": "JVN",
              "tags": [],
              "url": "http://jvn.jp/en/jp/JVN67456944/index.html"
            },
            {
              "name": "https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/",
              "refsource": "MISC",
              "tags": [],
              "url": "https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/"
            },
            {
              "name": "https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055",
              "refsource": "MISC",
              "tags": [],
              "url": "https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-09-05T22:15Z",
      "publishedDate": "2015-05-01T15:59Z"
    }
  }
}

var-201505-0274

Vulnerability from variot

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023. WSR-300HP provided by BUFFALO INC. contains an arbitrary code execution vulnerability. WSR-300HP provided by BUFFALO INC. is a wireless LAN router. The following multiple vulnerabilities exist in multiple products provided by ELECOM CORPORATION. ・ Inadequate access restrictions (CWE-284) - CVE-2021-20643 -Script injection on the management screen (CWE-74) - CVE-2021-20644 ・ Retractable cross-site scripting (CWE-79) - CVE-2021-20645 ・ Cross-site request forgery (CWE-352) - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 ・ OS Command injection (CWE-78) - CVE-2021-20648 -Insufficient verification of server certificate (CWE-295) - CVE-2021-20649 ・ UPnP Via OS Command injection (CWE-78) - CVE-2014-8361 CVE-2021-20643 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Institute of Information Security Yuasa Laboratory Nagakawa ( Ishibashi ) Australia Mr CVE-2021-20644 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Sato Rei Mr CVE-2021-20645, CVE-2021-20646 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Tetsuyuki Ogawa Mr CVE-2021-20647, CVE-2021-20648, CVE-2021-20649 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr CVE-2021-20650 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Hiroshi Watanabe Mr CVE-2014-8361 The following person indicates that the product is vulnerable to IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr., National Institute of Information and Communications Technology Makita Daisuke Mr., National Institute of Information and Communications Technology Woods Yoshiki MrThe expected impact depends on each vulnerability, but it may be affected as follows. -The management password of the product is changed by processing the request crafted by a remote third party. - CVE-2021-20643 ・ Crafted SSID Is displayed on the management screen, and any script is executed on the user's web browser. - CVE-2021-20644 -Any script is executed on the web browser of the user who is logged in to the product. - CVE-2021-20645 -When a user logged in to the management screen of the product accesses a specially crafted page, an arbitrary request is executed, and as a result, the settings of the product are changed unintentionally. telnet Daemon is started - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 ・ Any third party who can access the product OS Command is executed - CVE-2021-20648 ・ Man-in-the-middle attack (man-in-the-middle attack) The communication response has been tampered with, resulting in arbitrary in the product. OS Command is executed - CVE-2021-20649 ・ With the product UPnP Is valid, any by a third party who has access to the product OS Command is executed - CVE-2014-8361. Authentication is not required to exploit this vulnerability.The specific flaw exists within the miniigd SOAP service. The issue lies in the handling of the NewInternalClient requests due to a failure to sanitize user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Failed exploit attempts will result in a denial-of-service condition. Realtek SDK is a set of SDK development kit developed by Realtek

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201505-0274",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dir-619l",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.00"
      },
      {
        "model": "dir-605l",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.13"
      },
      {
        "model": "dir-619l",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "2.03"
      },
      {
        "model": "dir-605l",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "2.04"
      },
      {
        "model": "dir-600l",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "2.00"
      },
      {
        "model": "dir-600l",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "2.05"
      },
      {
        "model": "dir-605l",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "2.00"
      },
      {
        "model": "dir-605l",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.00"
      },
      {
        "model": "dir-600l",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.00"
      },
      {
        "model": "dir-600l",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.15"
      },
      {
        "model": "dir-619l",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.15"
      },
      {
        "model": "dir-809",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.02"
      },
      {
        "model": "sdk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "realtek",
        "version": null
      },
      {
        "model": "dir-905l",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.02"
      },
      {
        "model": "dir-619l",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "2.00"
      },
      {
        "model": "dir-809",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "dlink",
        "version": "1.00"
      },
      {
        "model": "wsr-300hp",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "buffalo",
        "version": "firmware 2.30"
      },
      {
        "model": "ld-ps/u1",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "elecom",
        "version": "(cve-2021-20643)"
      },
      {
        "model": "ncc-ewf100rmwh2",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "elecom",
        "version": "(cve-2021-20650)"
      },
      {
        "model": "wrc-1467ghbk-a",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "elecom",
        "version": "(cve-2021-20644)"
      },
      {
        "model": "wrc-300febk",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "elecom",
        "version": "(cve-2014-8361)"
      },
      {
        "model": "wrc-300febk-a",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "elecom",
        "version": "(cve-2021-20645, cve-2021-20646)"
      },
      {
        "model": "wrc-300febk-s",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "elecom",
        "version": "(cve-2021-20647, cve-2021-20648, cve-2021-20649, cve-2014-8361)"
      },
      {
        "model": "wrc-f300nf",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "elecom",
        "version": "(cve-2014-8361)"
      },
      {
        "model": "dir-600l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "a1 ( firmware  1.15  )"
      },
      {
        "model": "dir-600l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "b1 ( firmware  2.056b06  )"
      },
      {
        "model": "dir-600l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.15"
      },
      {
        "model": "dir-600l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "2.056b06"
      },
      {
        "model": "dir-605l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "a1 ( firmware  1.14b06  )"
      },
      {
        "model": "dir-605l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "bx ( firmware  2.07b02  )"
      },
      {
        "model": "dir-605l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "c1 ( firmware  3.03b07  )"
      },
      {
        "model": "dir-605l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.14b06"
      },
      {
        "model": "dir-605l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "2.07b02"
      },
      {
        "model": "dir-605l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "3.03b07"
      },
      {
        "model": "dir-619l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "a1 ( firmware  1.15  )"
      },
      {
        "model": "dir-619l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "b1 ( firmware  2.07b02  )"
      },
      {
        "model": "dir-619l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.15"
      },
      {
        "model": "dir-619l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "2.07b02"
      },
      {
        "model": "dir-809",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "a1 ( firmware  1.04b02  )"
      },
      {
        "model": "dir-809",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "a2 ( firmware  1.04b02  )"
      },
      {
        "model": "dir-809",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.04b02"
      },
      {
        "model": "dir-900l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "a1 ( firmware  1.14b02  )"
      },
      {
        "model": "dir-900l",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "d link",
        "version": "1.14b02"
      },
      {
        "model": "sdk",
        "scope": null,
        "trust": 0.8,
        "vendor": "realtek semiconductor corp",
        "version": null
      },
      {
        "model": "rtl81xx sdk",
        "scope": null,
        "trust": 0.7,
        "vendor": "realtek",
        "version": null
      },
      {
        "model": "dir-600l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.15"
      },
      {
        "model": "dir-600l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "2.05"
      },
      {
        "model": "dir-905l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.02"
      },
      {
        "model": "dir-605l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "1.13"
      },
      {
        "model": "dir-605l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "d link",
        "version": "2.04"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-155"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000194"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000008"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008039"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-581"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8361"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-905l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.02",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-905l:a1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.13",
                    "versionStartIncluding": "1.00",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.04",
                    "versionStartIncluding": "2.00",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-605l:a1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-605l:b1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-600l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.15",
                    "versionStartIncluding": "1.00",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-600l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.05",
                    "versionStartIncluding": "2.00",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-600l:a1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-600l:b1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:realtek:realtek_sdk:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-619l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.15",
                    "versionStartIncluding": "1.00",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-619l_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.03",
                    "versionStartIncluding": "2.00",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-619l:a1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-619l:b1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:dlink:dir-809_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.02",
                    "versionStartIncluding": "1.00",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-809:a1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:dlink:dir-809:a2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-8361"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ricky \"HeadlessZeke\" Lawshae",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-155"
      },
      {
        "db": "BID",
        "id": "74330"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-581"
      }
    ],
    "trust": 1.6
  },
  "cve": "CVE-2014-8361",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2014-8361",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 1.6,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 5.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2017-000194",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 5.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-000008",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-000008",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 3.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-000008",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 3.5,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-000008",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 2.6,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-000008",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "Single",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 5.2,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-000008",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-000008",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-76306",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2017-000194",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-000008",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-000008",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 5.2,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-000008",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 5.4,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-000008",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-000008",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 6.8,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-000008",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 4.8,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-000008",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "IPA",
            "id": "JVNDB-2021-000008",
            "trust": 4.8,
            "value": "Medium"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-8361",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2017-000194",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2021-000008",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2014-8361",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201504-581",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-76306",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-8361",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-155"
      },
      {
        "db": "VULHUB",
        "id": "VHN-76306"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-8361"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000194"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000008"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000008"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000008"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000008"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000008"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000008"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000008"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008039"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-581"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8361"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023. WSR-300HP provided by BUFFALO INC. contains an arbitrary code execution vulnerability. WSR-300HP provided by BUFFALO INC. is a wireless LAN router. The following multiple vulnerabilities exist in multiple products provided by ELECOM CORPORATION. \u30fb Inadequate access restrictions (CWE-284) - CVE-2021-20643 -Script injection on the management screen (CWE-74) - CVE-2021-20644 \u30fb Retractable cross-site scripting (CWE-79) - CVE-2021-20645 \u30fb Cross-site request forgery (CWE-352) - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 \u30fb OS Command injection (CWE-78) - CVE-2021-20648 -Insufficient verification of server certificate (CWE-295) - CVE-2021-20649 \u30fb UPnP Via OS Command injection (CWE-78) - CVE-2014-8361 CVE-2021-20643 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Institute of Information Security Yuasa Laboratory Nagakawa ( Ishibashi ) Australia Mr CVE-2021-20644 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Sato Rei Mr CVE-2021-20645, CVE-2021-20646 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Tetsuyuki Ogawa Mr CVE-2021-20647, CVE-2021-20648, CVE-2021-20649 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr CVE-2021-20650 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Hiroshi Watanabe Mr CVE-2014-8361 The following person indicates that the product is vulnerable to IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr., National Institute of Information and Communications Technology Makita Daisuke Mr., National Institute of Information and Communications Technology Woods Yoshiki MrThe expected impact depends on each vulnerability, but it may be affected as follows. -The management password of the product is changed by processing the request crafted by a remote third party. - CVE-2021-20643 \u30fb Crafted SSID Is displayed on the management screen, and any script is executed on the user\u0027s web browser. - CVE-2021-20644 -Any script is executed on the web browser of the user who is logged in to the product. - CVE-2021-20645 -When a user logged in to the management screen of the product accesses a specially crafted page, an arbitrary request is executed, and as a result, the settings of the product are changed unintentionally. telnet Daemon is started - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 \u30fb Any third party who can access the product OS Command is executed - CVE-2021-20648 \u30fb Man-in-the-middle attack (man-in-the-middle attack) The communication response has been tampered with, resulting in arbitrary in the product. OS Command is executed - CVE-2021-20649 \u30fb With the product UPnP Is valid, any by a third party who has access to the product OS Command is executed - CVE-2014-8361. Authentication is not required to exploit this vulnerability.The specific flaw exists within the miniigd SOAP service. The issue lies in the handling of the NewInternalClient requests due to a failure to sanitize user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Failed exploit attempts will result in a denial-of-service  condition. Realtek SDK is a set of SDK development kit developed by Realtek",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-8361"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000194"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000008"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008039"
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-155"
      },
      {
        "db": "BID",
        "id": "74330"
      },
      {
        "db": "VULHUB",
        "id": "VHN-76306"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-8361"
      }
    ],
    "trust": 4.14
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-76306",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=37169",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-76306"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-8361"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-8361",
        "trust": 5.2
      },
      {
        "db": "ZDI",
        "id": "ZDI-15-155",
        "trust": 3.6
      },
      {
        "db": "JVN",
        "id": "JVN47580234",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "74330",
        "trust": 2.1
      },
      {
        "db": "DLINK",
        "id": "SAP10055",
        "trust": 2.1
      },
      {
        "db": "JVN",
        "id": "JVN67456944",
        "trust": 1.8
      },
      {
        "db": "EXPLOIT-DB",
        "id": "37169",
        "trust": 1.8
      },
      {
        "db": "PACKETSTORM",
        "id": "132090",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000008",
        "trust": 1.4
      },
      {
        "db": "JVN",
        "id": "JVN74871939",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000194",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008039",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-2435",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-581",
        "trust": 0.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000028",
        "trust": 0.6
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-97587",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-76306",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-8361",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-155"
      },
      {
        "db": "VULHUB",
        "id": "VHN-76306"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-8361"
      },
      {
        "db": "BID",
        "id": "74330"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000194"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000008"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008039"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-581"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8361"
      }
    ]
  },
  "id": "VAR-201505-0274",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-76306"
      }
    ],
    "trust": 0.759098647142857
  },
  "last_update_date": "2024-04-18T13:16:59.233000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "BUFFALO INC. website",
        "trust": 0.8,
        "url": "http://buffalo.jp/support_s/s20170804_2.html"
      },
      {
        "title": "\u7121\u7ddaLAN\u30eb\u30fc\u30bf\u30fc\u306a\u3069\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u88fd\u54c1\u306e\u4e00\u90e8\u306b\u304a\u3051\u308b\u8106\u5f31\u6027\u306b\u95a2\u3057\u3066",
        "trust": 0.8,
        "url": "https://www.elecom.co.jp/news/security/20210126-01/"
      },
      {
        "title": "RTL81xx",
        "trust": 0.8,
        "url": "http://www.realtek.com/search/default.aspx?keyword=rtl81"
      },
      {
        "title": "SAP10055",
        "trust": 0.8,
        "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10055"
      },
      {
        "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI vulnerability disclosure policy on lack of vendor response.Vendor Contact Timeline:08/13/2014 - ZDI wrote to vendor requesting contact and PGP09/04/2014 - ZDI wrote to vendor requesting contact and PGP09/29/2014 - ZDI wrote to vendor requesting contact and PGP10/22/2014 - ZDI wrote to vendor requesting contact and PGP, indicated \"final\" email attempt and informed of intent to 0-day04/24/2015 - Public release of advisory-- Mitigation:Given the stated purpose of Realtek SDK, and the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with products using Realtek SDK service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in  and numerous other Microsoft Knowledge Base articles.",
        "trust": 0.7,
        "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx"
      },
      {
        "title": "Realtek SDK miniigd SOAP Fixes for service remote code execution vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=96763"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/xuguowong/mirai-mal "
      },
      {
        "title": "api.greynoise.io",
        "trust": 0.1,
        "url": "https://github.com/greynoise-intelligence/api.greynoise.io "
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/keksec-simps-botnet-gaming-ddos/166306/"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/gafgyt-botnet-ddos-mirai/165424/"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/valve-source-engine-fortnite-servers-crippled-by-gafgyt-variant/149719/"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/new-mirai-samples-grow-the-number-of-processors-targets/143566/"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/huawei-router-default-credential/140234/"
      },
      {
        "title": "BleepingComputer",
        "trust": 0.1,
        "url": "https://www.bleepingcomputer.com/news/security/router-crapfest-malware-author-builds-18-000-strong-botnet-in-a-day/"
      },
      {
        "title": "Securelist",
        "trust": 0.1,
        "url": "https://securelist.com/threat-landscape-for-industrial-automation-systems-in-h2-2017/85053/"
      },
      {
        "title": "BleepingComputer",
        "trust": 0.1,
        "url": "https://www.bleepingcomputer.com/news/security/new-jenx-iot-ddos-botnet-offered-part-of-gaming-server-rental-scheme/"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/jenx-botnet-has-grand-theft-auto-hook/129759/"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/satori-author-linked-to-new-mirai-variant-masuta/129640/"
      },
      {
        "title": "BleepingComputer",
        "trust": 0.1,
        "url": "https://www.bleepingcomputer.com/news/security/satori-botnet-is-now-attacking-ethereum-mining-rigs/"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/code-used-in-zero-day-huawei-router-attack-made-public/129260/"
      },
      {
        "title": "BleepingComputer",
        "trust": 0.1,
        "url": "https://www.bleepingcomputer.com/news/security/amateur-hacker-behind-satori-botnet/"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/unpatched-router-vulnerability-could-lead-to-code-execution/112524/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-155"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-8361"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000194"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000008"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008039"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-581"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-94",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-78",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-79",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-352",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-76306"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000194"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000008"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008039"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8361"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-15-155/"
      },
      {
        "trust": 2.4,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8361"
      },
      {
        "trust": 2.1,
        "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10055"
      },
      {
        "trust": 1.9,
        "url": "https://www.exploit-db.com/exploits/37169/"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/74330"
      },
      {
        "trust": 1.8,
        "url": "http://jvn.jp/en/jp/jvn47580234/index.html"
      },
      {
        "trust": 1.8,
        "url": "http://jvn.jp/en/jp/jvn67456944/index.html"
      },
      {
        "trust": 1.8,
        "url": "http://packetstormsecurity.com/files/132090/realtek-sdk-miniigd-upnp-soap-command-execution.html"
      },
      {
        "trust": 1.1,
        "url": "https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/"
      },
      {
        "trust": 1.1,
        "url": "https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=sap10055"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/en/jp/jvn74871939/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20649"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20650"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20643"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20644"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20645"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20646"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20647"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20648"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/jp/jvn47580234/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8361"
      },
      {
        "trust": 0.7,
        "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx"
      },
      {
        "trust": 0.6,
        "url": "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000028.html"
      },
      {
        "trust": 0.6,
        "url": "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000008.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.realtek.com.tw/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=41532"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://threatpost.com/keksec-simps-botnet-gaming-ddos/166306/"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-15-155"
      },
      {
        "db": "VULHUB",
        "id": "VHN-76306"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-8361"
      },
      {
        "db": "BID",
        "id": "74330"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000194"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000008"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008039"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-581"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8361"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-15-155"
      },
      {
        "db": "VULHUB",
        "id": "VHN-76306"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-8361"
      },
      {
        "db": "BID",
        "id": "74330"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000194"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000008"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-008039"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-581"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-8361"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-04-24T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-155"
      },
      {
        "date": "2015-05-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-76306"
      },
      {
        "date": "2015-05-01T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-8361"
      },
      {
        "date": "2015-04-24T00:00:00",
        "db": "BID",
        "id": "74330"
      },
      {
        "date": "2017-08-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-000194"
      },
      {
        "date": "2021-01-26T03:12:23",
        "db": "JVNDB",
        "id": "JVNDB-2021-000008"
      },
      {
        "date": "2015-05-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008039"
      },
      {
        "date": "2015-04-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201504-581"
      },
      {
        "date": "2015-05-01T15:59:01.287000",
        "db": "NVD",
        "id": "CVE-2014-8361"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-04-24T00:00:00",
        "db": "ZDI",
        "id": "ZDI-15-155"
      },
      {
        "date": "2019-08-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-76306"
      },
      {
        "date": "2023-09-05T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-8361"
      },
      {
        "date": "2015-05-07T18:22:00",
        "db": "BID",
        "id": "74330"
      },
      {
        "date": "2017-08-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-000194"
      },
      {
        "date": "2021-01-26T03:12:23",
        "db": "JVNDB",
        "id": "JVNDB-2021-000008"
      },
      {
        "date": "2015-05-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-008039"
      },
      {
        "date": "2021-04-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201504-581"
      },
      {
        "date": "2023-09-05T22:15:07.477000",
        "db": "NVD",
        "id": "CVE-2014-8361"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-581"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "WSR-300HP vulnerable to arbitrary code execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000194"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201504-581"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2014-8361

Vulnerability from cvelistv5

CISA Known exploited vulnerability

Data from the Known Exploited Vulnerabilities Catalog

ghsa-r272-2vh9-q99x

Vulnerability from github

cve-2014-8361

Vulnerability from jvndb

cve-2014-8361

Vulnerability from jvndb

cve-2014-8361

Vulnerability from jvndb

gsd-2014-8361

Vulnerability from gsd

var-201505-0274

Vulnerability from variot

Tags

Sightings

Nomenclature