9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%
Attempts to extract system information from the UPnP service by sending a multicast query, then collecting, parsing, and displaying all responses.
See the documentation for the slaxml library.
See the documentation for the http library.
See the documentation for the target library.
See the documentation for the smbauth library.
nmap -sV --script=broadcast-upnp-info <target>
| broadcast-upnp-info:
| 1.2.3.50
| Debian/4.0 DLNADOC/1.50 UPnP/1.0 MiniDLNA/1.0
| Location: http://1.2.3.50:8200/rootDesc.xml
| Webserver: Debian/4.0 DLNADOC/1.50 UPnP/1.0 MiniDLNA/1.0
| Name: BUBBA|TWO DLNA Server
| Manufacturer: Justin Maggard
| Model Descr: MiniDLNA on Debian
| Model Name: Windows Media Connect compatible (MiniDLNA)
| Model Version: 1
| 1.2.3.114
| Linux/2.6 UPnP/1.0 KDL-32EX701/1.7
| Location: http://1.2.3.114:52323/dmr.xml
| Webserver: Linux/2.6 UPnP/1.0 KDL-32EX701/1.7
| Name: BRAVIA KDL-32EX701
| Manufacturer: Sony Corporation
|_ Model Name: KDL-32EX701
local stdnse = require "stdnse"
local upnp = require "upnp"
description = [[
Attempts to extract system information from the UPnP service by sending a multicast query, then collecting, parsing, and displaying all responses.
]]
---
-- @output
-- | broadcast-upnp-info:
-- | 1.2.3.50
-- | Debian/4.0 DLNADOC/1.50 UPnP/1.0 MiniDLNA/1.0
-- | Location: http://1.2.3.50:8200/rootDesc.xml
-- | Webserver: Debian/4.0 DLNADOC/1.50 UPnP/1.0 MiniDLNA/1.0
-- | Name: BUBBA|TWO DLNA Server
-- | Manufacturer: Justin Maggard
-- | Model Descr: MiniDLNA on Debian
-- | Model Name: Windows Media Connect compatible (MiniDLNA)
-- | Model Version: 1
-- | 1.2.3.114
-- | Linux/2.6 UPnP/1.0 KDL-32EX701/1.7
-- | Location: http://1.2.3.114:52323/dmr.xml
-- | Webserver: Linux/2.6 UPnP/1.0 KDL-32EX701/1.7
-- | Name: BRAVIA KDL-32EX701
-- | Manufacturer: Sony Corporation
-- |_ Model Name: KDL-32EX701
-- Version 0.1
-- Created 10/29/2010 - v0.1 - created by Patrik Karlsson <[email protected]>
author = "Patrik Karlsson"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"broadcast", "safe"}
prerule = function() return true end
---
-- Sends UPnP discovery packet to host,
-- and extracts service information from results
action = function()
local helper = upnp.Helper:new()
helper:setMulticast(true)
local status, result = helper:queryServices()
if ( status ) then
return stdnse.format_output(true, result)
end
end
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%