CVE-2014-8361

Confirmed PUBLISHED

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in...

Realtek · SDK
Exploited in the wild Active exploitation observed PoC available

Recommended Action

Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.

Confidence
Confirmed
Exploitation Status
Active exploitation observed
Observed in Sensors
Yes
Attempts (30d)
14
Unique Attacker IPs
12
CISA KEV
In CISA KEV
CVSS / EPSS
9.8 Critical EPSS 100.0%

At a Glance

The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.

windows metasploit cisa
CVE Published
May 01, 2015
Exploitation Reported
Sep 18, 2023
CVSS
9.8 Critical
EPSS
100.0%
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
n/a
n/a

n/a

Affected

CVE References

  • JVN#47580234 jvn.jp · Third-Party Advisory http://jvn.jp/en/jp/JVN47580234/index.html
  • JVN#67456944 jvn.jp · Third-Party Advisory http://jvn.jp/en/jp/JVN67456944/index.html
  • 37169 exploit-db.com · Exploit https://www.exploit-db.com/exploits/37169/
  • 74330 securityfocus.com · VDB Entry http://www.securityfocus.com/bid/74330
  • zerodayinitiative.com/advisories/ZDI-15-155 zerodayinitiative.com · CVE Record http://www.zerodayinitiative.com/advisories/ZDI-15-155/
Show 4 more references

Recommended Actions

  • Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.
  • Review sensor telemetry for request paths, attacker IPs, and payload patterns that may inform detection and exposure validation.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.