Realtek SDK miniigd SOAP Service RCE

Critical Nessus Plugin ID 83185


A software development kit running on the remote device is affected by a remote code execution vulnerability.


According to its banner, the Realtek Software Development Kit is running on the remote device. It is, therefore, affected by a flaw in the miniigd SOAP service due to a failure to properly sanitize user input when handling NewInternalClient requests. An unauthenticated, remote attacker, using a crafted request, can exploit this to execute arbitrary code with root-level privileges.


There is currently no fix available. As a workaround, restrict access to vulnerable devices.

Plugin Details

Severity: Critical

ID: 83185

File Name: realtek_cve_2014_8361.nasl

Version: $Revision: 1.9 $

Type: remote

Family: Misc.

Published: 2015/05/01

Modified: 2018/02/13

Dependencies: 35711, 10107

Risk Information

Risk Factor: Critical


CVSS v2

Base Score: 10

Temporal Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:U/RC:ND


CVSS v3

Base Score: 9.8

Temporal Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:realtek:realtek_sdk

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2015/04/24

Exploitable With

Metasploit (Realtek SDK Miniigd UPnP SOAP Command Execution)

Reference Information

CVE: CVE-2014-8361

BID: 74330

OSVDB: 121276

ZDI: ZDI-15-155

EDB-ID: 37169