CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
98.6%
Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method.
Vendor | Product | Version | CPE |
---|---|---|---|
miniupnp_project | miniupnpd | 1.0 | cpe:2.3:a:miniupnp_project:miniupnpd:1.0:*:*:*:*:*:*:* |
www.securityfocus.com/bid/57608
community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf
community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb
www.exploit-db.com/exploits/36839/