Realtek SDK miniigd SOAP Service RCE
Critical Nessus Plugin ID 83185
Synopsis
A software development kit running on the remote device is affected by a remote code execution vulnerability.
Description
According to its banner, the Realtek Software Development Kit is running on the remote device. It is, therefore, affected by a flaw in the miniigd SOAP service due to a failure to properly sanitize user input when handling NewInternalClient requests. An unauthenticated, remote attacker can exploit this with a crafted request to execute arbitrary code with root-level privileges.
Solution
There is currently no fix available. As a workaround, restrict access to vulnerable devices.