Realtek SDK Miniigd AddPortMapping SOAP Action Command Injection (CVE-2014-8361)

A command injection vulnerability exists in Realtek SDK. The vulnerability is due to lack of input sanitization on user-supplied data when processing the NewInternalClient requests to the miniigd SOAP service. By sending a crafted SOAP request to the affected service, a remote unauthenticated attacker can exploit this vulnerability to execute code with root privileges.

Leave a Reply