CVE-2014-8361 Realtek SDK Command Injection Remote Code Execution Vulnerability.

漏洞类别:Hardware

漏洞等级:

漏洞信息

Realtek provides Full Range of Connectivity, Multimedia, and Consumer Electronics Solutions.

Realtek SDK Miniigd UPnP SOAP Command Execution. Different devices using the Realtek SDK with the miniigd daemon are vulnerable to OS command injection in the UPnP SOAP interface. Failed exploit attempts will result in a denial-of-service condition.

Affected Product:
rtl81xx SDK

QID Detection Logic (UN-Authenticated)
This checks for HTTP header in response received from devices.

漏洞危害

On successful exploitation it allows remote attackers to execute arbitrary code on vulnerable installations of the Realtek SDK.

解决方案

No solution is available at the time of entry.

Workaround:
Restrict interaction with the service to trusted machines.

Leave a Reply