logo
DATABASE RESOURCES PRICING ABOUT US

Security Advisory - CallStranger Vulnerability in UPnP Protocol

Description

There is an vulnerability in UPnP protocol that does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, named CallStranger. The UPnP function of Huawei product is enabled only on the LAN side and is not enabled on the WAN side. (Vulnerability ID: HWPSIRT-2020-04132) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-12695. Huawei has released software updates to fix this vulnerability. This advisory is available at the following link: [http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-01-upnp-en](<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200701-01-upnp-en>) [](<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200610-02-phone-en>)


Affected Software


CPE Name Name Version
e6878-370 10.0.5.1
h112-372 10.0.1.1

Related