Lucene search
HistoryJun 08, 2020 - 5:15 p.m.
CVE-2020-12695
open connectivity foundation
upnp
cve-2020-12695
callstranger
network security
vulnerability
CVSS2
7.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:P/I:N/A:C
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H
AI Score
7.6
Confidence
High
EPSS
0.005
Percentile
77.5%
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
Affected configurations
Node
uiunifi_controllerMatch-
Node
w1.fihostapdRange<2.0.0
Node
asusrt-n11Match-
Node
broadcomadslMatch-
Node
canonselphy_cp1200Match-
Node
ciscowap131Match-
ORciscowap150Match-
ORciscowap351Match-
Node
dlinkdvg-n5412spMatch-
Node
dellb1165nfwMatch-
Node
epsonep-101Match-
ORepsonew-m970a3tMatch-
ORepsonm571tMatch-
ORepsonxp-100Match-
ORepsonxp-2101Match-
ORepsonxp-2105Match-
ORepsonxp-241Match-
ORepsonxp-320Match-
ORepsonxp-330Match-
ORepsonxp-340Match-
ORepsonxp-4100Match-
ORepsonxp-4105Match-
ORepsonxp-440Match-
ORepsonxp-620Match-
ORepsonxp-630Match-
ORepsonxp-702Match-
ORepsonxp-8500Match-
ORepsonxp-8600Match-
ORepsonxp-960Match-
ORepsonxp-970Match-
Node
hp5020_z4a69aMatch-
ORhp5030_m2u92bMatch-
ORhp5030_z4a70aMatch-
ORhp5034_z4a74aMatch-
ORhp5660_f8b04aMatch-
ORhpdeskjet_ink_advantage_3456_a9t84cMatch-
ORhpdeskjet_ink_advantage_3545_a9t81aMatch-
ORhpdeskjet_ink_advantage_3545_a9t81cMatch-
ORhpdeskjet_ink_advantage_3545_a9t83bMatch-
ORhpdeskjet_ink_advantage_3546_a9t82aMatch-
ORhpdeskjet_ink_advantage_3548_a9t81bMatch-
ORhpdeskjet_ink_advantage_4515Match-
ORhpdeskjet_ink_advantage_4518Match-
ORhpdeskjet_ink_advantage_4535_f0v64aMatch-
ORhpdeskjet_ink_advantage_4535_f0v64bMatch-
ORhpdeskjet_ink_advantage_4535_f0v64cMatch-
ORhpdeskjet_ink_advantage_4536_f0v65aMatch-
ORhpdeskjet_ink_advantage_4538_f0v66bMatch-
ORhpdeskjet_ink_advantage_4675_f1h97aMatch-
ORhpdeskjet_ink_advantage_4675_f1h97bMatch-
ORhpdeskjet_ink_advantage_4675_f1h97cMatch-
ORhpdeskjet_ink_advantage_4676_f1h98aMatch-
ORhpdeskjet_ink_advantage_4678_f1h99bMatch-
ORhpdeskjet_ink_advantage_5575_g0v48bMatch-
ORhpdeskjet_ink_advantage_5575_g0v48cMatch-
ORhpenvy_100_cn517aMatch-
ORhpenvy_100_cn517bMatch-
ORhpenvy_100_cn517cMatch-
ORhpenvy_100_cn518aMatch-
ORhpenvy_100_cn519aMatch-
ORhpenvy_100_cn519bMatch-
ORhpenvy_110_cq809aMatch-
ORhpenvy_110_cq809bMatch-
ORhpenvy_110_cq809cMatch-
ORhpenvy_110_cq809dMatch-
ORhpenvy_110_cq812cMatch-
ORhpenvy_111_cq810aMatch-
ORhpenvy_114_cq811aMatch-
ORhpenvy_114_cq811bMatch-
ORhpenvy_114_cq812aMatch-
ORhpenvy_120_cz022aMatch-
ORhpenvy_120_cz022bMatch-
ORhpenvy_120_cz022cMatch-
ORhpenvy_4500_a9t80aMatch-
ORhpenvy_4500_a9t80bMatch-
ORhpenvy_4500_a9t89aMatch-
ORhpenvy_4500_d3p93aMatch-
ORhpenvy_4501_c8d05aMatch-
ORhpenvy_4502_a9t85aMatch-
ORhpenvy_4502_a9t87bMatch-
ORhpenvy_4503_e6g71bMatch-
ORhpenvy_4504_a9t88bMatch-
ORhpenvy_4504_c8d04aMatch-
ORhpenvy_4505_a9t86aMatch-
ORhpenvy_4507_e6g70bMatch-
ORhpenvy_4508_e6g72bMatch-
ORhpenvy_4509_d3p94aMatch-
ORhpenvy_4509_d3p94bMatch-
ORhpenvy_4511_k9h50aMatch-
ORhpenvy_4512_k9h49aMatch-
ORhpenvy_4513_k9h51aMatch-
ORhpenvy_4516_k9h52aMatch-
ORhpenvy_4520_e6g67aMatch-
ORhpenvy_4520_e6g67bMatch-
ORhpenvy_4520_f0v63aMatch-
ORhpenvy_4520_f0v63bMatch-
ORhpenvy_4520_f0v69aMatch-
ORhpenvy_4521_k9t10bMatch-
ORhpenvy_4522_f0v67aMatch-
ORhpenvy_4523_j6u60bMatch-
ORhpenvy_4524_f0v71bMatch-
ORhpenvy_4524_f0v72bMatch-
ORhpenvy_4524_k9t01aMatch-
ORhpenvy_4525_k9t09bMatch-
ORhpenvy_4526_k9t05bMatch-
ORhpenvy_4527_j6u61bMatch-
ORhpenvy_4528_k9t08bMatch-
ORhpenvy_5000_m2u85aMatch-
ORhpenvy_5000_m2u85bMatch-
ORhpenvy_5000_m2u91a
ORhpenvy_5000_m2u91aMatch-
ORhpenvy_5000_m2u94bMatch-
ORhpenvy_5000_z4a54aMatch-
ORhpenvy_5000_z4a74aMatch-
ORhpenvy_5020_m2u91bMatch-
ORhpenvy_5530Match-
ORhpenvy_5531Match-
ORhpenvy_5532Match-
ORhpenvy_5534Match-
ORhpenvy_5535Match-
ORhpenvy_5536Match-
ORhpenvy_5539Match-
ORhpenvy_5540_f2e72aMatch-
ORhpenvy_5540_g0v47aMatch-
ORhpenvy_5540_g0v51aMatch-
ORhpenvy_5540_g0v52aMatch-
ORhpenvy_5540_g0v53aMatch-
ORhpenvy_5540_k7c85aMatch-
ORhpenvy_5541_k7g89aMatch-
ORhpenvy_5542_k7c88aMatch-
ORhpenvy_5543_n9u88aMatch-
ORhpenvy_5544_k7c89aMatch-
ORhpenvy_5544_k7c93aMatch-
ORhpenvy_5545_g0v50aMatch-
ORhpenvy_5546_k7c90aMatch-
ORhpenvy_5547_j6u64aMatch-
ORhpenvy_5548_k7g87aMatch-
ORhpenvy_5640_b9s56aMatch-
ORhpenvy_5640_b9s58aMatch-
ORhpenvy_5642_b9s64aMatch-
ORhpenvy_5643_b9s63aMatch-
ORhpenvy_5644_b9s65aMatch-
ORhpenvy_5646_f8b05aMatch-
ORhpenvy_5664_f8b08aMatch-
ORhpenvy_5665_f8b06aMatch-
ORhpenvy_6020_5se16bMatch-
ORhpenvy_6020_5se17aMatch-
ORhpenvy_6020_6wd35aMatch-
ORhpenvy_6020_7cz37aMatch-
ORhpenvy_6052_5se18aMatch-
ORhpenvy_6055_5se16aMatch-
ORhpenvy_6540_b9s59aMatch-
ORhpenvy_7640Match-
ORhpenvy_7644_e4w46aMatch-
ORhpenvy_7645_e4w44aMatch-
ORhpenvy_photo_6200_k7g18aMatch-
ORhpenvy_photo_6200_k7g26bMatch-
ORhpenvy_photo_6200_k7s21bMatch-
ORhpenvy_photo_6200_y0k13d_Match-
ORhpenvy_photo_6200_y0k15aMatch-
ORhpenvy_photo_6220_k7g20dMatch-
ORhpenvy_photo_6220_k7g21bMatch-
ORhpenvy_photo_6222_y0k13dMatch-
ORhpenvy_photo_6222_y0k14dMatch-
ORhpenvy_photo_6230_k7g25bMatch-
ORhpenvy_photo_6232_k7g26bMatch-
ORhpenvy_photo_6234_k7s21bMatch-
ORhpenvy_photo_6252_k7g22aMatch-
ORhpenvy_photo_7100_3xd89aMatch-
ORhpenvy_photo_7100_k7g93aMatch-
ORhpenvy_photo_7100_k7g99aMatch-
ORhpenvy_photo_7100_z3m37aMatch-
ORhpenvy_photo_7100_z3m52aMatch-
ORhpenvy_photo_7120_z3m41dMatch-
ORhpenvy_photo_7155_z3m52aMatch-
ORhpenvy_photo_7164_k7g99aMatch-
ORhpenvy_photo_7800_k7r96aMatch-
ORhpenvy_photo_7800_k7s00aMatch-
ORhpenvy_photo_7800_k7s10dMatch-
ORhpenvy_photo_7800_y0g42dMatch-
ORhpenvy_photo_7800_y0g52bMatch-
ORhpenvy_photo_7822_y0g42dMatch-
ORhpenvy_photo_7822_y0g43dMatch-
ORhpenvy_photo_7830_y0g50bMatch-
ORhpenvy_pro_6420_5se45bMatch-
ORhpenvy_pro_6420_5se46aMatch-
ORhpenvy_pro_6420_6wd14aMatch-
ORhpenvy_pro_6420_6wd16aMatch-
ORhpenvy_pro_6452_5se47aMatch-
ORhpenvy_pro_6455_5se45aMatch-
ORhpofficejet_4650_e6g87aMatch-
ORhpofficejet_4650_f1h96aMatch-
ORhpofficejet_4650_f1h96bMatch-
ORhpofficejet_4652_f1j02aMatch-
ORhpofficejet_4652_f1j05bMatch-
ORhpofficejet_4652_k9v84bMatch-
ORhpofficejet_4654_f1j06bMatch-
ORhpofficejet_4654_f1j07bMatch-
ORhpofficejet_4655_f1j00aMatch-
ORhpofficejet_4655_k9v79aMatch-
ORhpofficejet_4655_k9v82bMatch-
ORhpofficejet_4656_k9v81bMatch-
ORhpofficejet_4657_v6d29bMatch-
ORhpofficejet_4658_v6d30bMatch-
Node
huaweihg255sMatch-
ORhuaweihg532eMatch-
Node
necwr8165nMatch-
Node
netgearwnhde111Match-
Node
ruckussecurityzonedirector_1200Match-
Node
tp-linkarcher_c50Match-
Node
ztezxv10_w300Match-
Node
zyxelamg1202-t10bMatch-
ORzyxelvmg8324-b10aMatch-
Node
microsoftwindows_10Match-
ORmicrosoftxbox_oneMatch10.0.19041.2494
Node
fedoraprojectfedoraMatch31
ORfedoraprojectfedoraMatch32
Node
debiandebian_linuxMatch9.0
ORdebiandebian_linuxMatch10.0
Node
canonicalubuntu_linuxMatch20.04lts
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ui | unifi_controller | - | cpe:/a:ui:unifi_controller:-::: |
References
packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html
www.openwall.com/lists/oss-security/2020/06/08/2
corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/
github.com/corelight/callstranger-detector
github.com/yunuscadirci/CallStranger
lists.debian.org/debian-lts-announce/2020/08/msg00011.html
lists.debian.org/debian-lts-announce/2020/08/msg00013.html
lists.debian.org/debian-lts-announce/2020/12/msg00017.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/
usn.ubuntu.com/4494-1/
www.callstranger.com
www.debian.org/security/2020/dsa-4806
www.debian.org/security/2021/dsa-4898
www.kb.cert.org/vuls/id/339275
www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of
Social References
More
Related
openvas
openvas
Fedora: Security Advisory for gssdp (FEDORA-2020-1f7fc0d0c9)
2020-07-04 00:00:00
Huawei EulerOS: Security Advisory for wpa_supplicant (EulerOS-SA-2020-2477)
2020-11-05 00:00:00
Huawei EulerOS: Security Advisory for wpa_supplicant (EulerOS-SA-2021-1131)
2021-01-19 00:00:00
nessus
nessus
Rocky Linux 8 : gssdp and gupnp (RLSA-2021:1789)
2023-11-06 00:00:00
Oracle Linux 8 : gssdp / and / gupnp (ELSA-2021-1789)
2021-05-26 00:00:00
RHEL 6 : hostapd (Unpatched Vulnerability)
2024-05-11 00:00:00
osv
osv
gupnp vulnerability
2020-09-15 11:22:53
CVE-2020-12695
2020-06-08 17:15:09
Moderate: gssdp and gupnp security update
2021-05-18 06:05:22
githubexploit
githubexploit
Exploit for Incorrect Default Permissions in Ui Unifi Controller
2020-06-10 14:18:34
Exploit for Incorrect Default Permissions in Ui Unifi Controller
2020-06-08 07:37:49
alpinelinux
alpinelinux
CVE-2020-12695
2020-06-08 17:15:09
ubuntucve
ubuntucve
CVE-2020-12695
2020-06-08 00:00:00
archlinux
archlinux
[ASA-202012-16] hostapd: proxy injection
2020-12-09 00:00:00
attackerkb
attackerkb
CVE-2020-12695 "CallStranger"
2020-06-08 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: hostapd-2.9-4.fc32
2020-07-03 01:19:38
[SECURITY] Fedora 31 Update: gssdp-1.0.4-1.fc31
2020-07-09 01:06:59
[SECURITY] Fedora 31 Update: gupnp-1.0.5-1.fc31
2020-07-09 01:07:00
cert
cert
debian
debian
[SECURITY] [DLA 2315-1] gupnp security update
2020-08-06 17:27:49
[SECURITY] [DLA 2489-1] minidlna security update
2020-12-10 21:27:37
[SECURITY] [DSA 4806-1] minidlna security update
2020-12-07 21:38:44
redhat
redhat
(RHSA-2021:1789) Moderate: gssdp and gupnp security update
2021-05-18 06:05:22
veracode
veracode
Authorization Bypass
2020-08-06 21:39:39
prion
prion
Open redirect
2020-06-08 17:15:00
redhatcve
redhatcve
CVE-2020-12695
2020-06-10 14:56:13
mageia
mageia
Updated gssdp/gupnp packages fix security vulnerability
2020-08-01 02:25:42
Updated minidlna packages fix security vulnerabilities
2020-12-31 17:32:44
cvelist
cvelist
CVE-2020-12695
2020-06-08 16:45:04
oraclelinux
oraclelinux
gssdp and gupnp security update
2021-05-25 00:00:00
ubuntu
ubuntu
GUPnP vulnerability
2020-09-15 00:00:00
wpa_supplicant and hostapd vulnerabilities
2021-02-11 00:00:00
ReadyMedia (MiniDLNA) vulnerabilities
2021-02-04 00:00:00
debiancve
debiancve
CVE-2020-12695
2020-06-08 17:15:09
cisa
cisa
CERT/CC Reports Vulnerability in Universal Plug and Play Protocol
2020-06-09 00:00:00
almalinux
almalinux
Moderate: gssdp and gupnp security update
2021-05-18 06:05:22
rocky
rocky
gssdp and gupnp security update
2021-05-18 06:05:22
nvd
nvd
CVE-2020-12695
2020-06-08 17:15:09
huawei
huawei
Security Advisory - CallStranger Vulnerability in UPnP Protocol
2020-07-01 00:00:00
suse
suse
Security update for minidlna (moderate)
2020-12-10 00:00:00
Security update for minidlna (moderate)
2020-12-07 00:00:00
Security update for minidlna (moderate)
2020-12-04 00:00:00
thn
thn
Critical Root RCE Bug Affects Multiple Netgear SOHO Router Models
2021-11-18 12:59:00
malwarebytes
malwarebytes
Cisco Small Business routers vulnerable to remote attacks, won’t get a patch
2021-08-19 20:29:09
slackware
slackware
[slackware-security] wpa_supplicant
2021-12-29 03:28:00
CVSS2
7.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:P/I:N/A:C
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H
AI Score
7.6
Confidence
High
EPSS
0.005
Percentile
77.5%
Related for CVE-2020-12695