Remote code execution in Realtek SDK

Published: 2015-04-24 | Updated: 2018-12-14
Risk Critical
Patch available NO
Number of vulnerabilities 1
CVE-ID CVE-2014-8361
Exploitation vector Network
Public exploit This vulnerability is being exploited in the wild.
Vulnerable software
Realtek SDK
Universal components / Libraries / Software for developers

Vendor Realtek

Security Bulletin

This security bulletin contains one critical risk vulnerability.

1) Improper input validation

EUVDB-ID: #VU16534

Risk: Critical


CVE-ID: CVE-2014-8361

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists within the miniigd SOAP service due to a failure to sanitize user data before executing a system call when handling malicious requests. A remote attacker can supply specially crafted NewInternalClient requests and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

Note: the vulnerability is being exploited by various attachers to deliver several Mirai variants (e.g., Satori, JenX, etc.).


Given the stated purpose of Realtek SDK, and the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with products using Realtek SDK service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in and numerous other Microsoft Knowledge Base articles.

Vulnerable software versions

Realtek SDK: All versions

CPE2.3 External links

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?