Strike ID:
E19-zukp1
CVSS:
10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
False Positive:
t
Variants:
2
Year:
2014

Description

This strike exploits a remote code execution on Realtek SDK Miniigd UPnP SOAP service. This vulnerability is due to improper handling of the parameter under xml tag when a client sends SOAP traffic to the server. A remote unauthenticated attacker can exploit this vulnerability by sending crafted http requests to the target server. Successful exploitation results in remote code execution.

CVE

References

MSB

BID

ExploitDB

Secunia

Security Tracker

Metasploit

ZDI

Google

OSVDB

{}