CVE-2019-12110

An AddPortMapping Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in upnpredirect.c...

CVE-2019-12110

An AddPortMapping Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in upnpredirect.c...

CVE-2019-12110

CVE-2019-12110 concerns MiniUPnPd (miniupnpd) upnpredirect.c with a NULL pointer dereference causing a Denial of Service via AddPortMapping; the issue affects MiniUPnPd up to version 2.1. Public advisories from Debian (DLA-1811) indicate a fix was released for Debian 8 Jessie as miniupnpd 1.8.201...

CVE-2018-15875

Cross-site scripting XSS vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SOAP request...

Realtek SDK Miniigd AddPortMapping SOAP Action Command Injection (CVE-2014-8361)

A command injection vulnerability exists in Realtek SDK. The vulnerability is due to lack of input sanitization on user-supplied data when processing the NewInternalClient requests to the miniigd SOAP service. By sending a crafted SOAP request to the affected service, a remote unauthenticated...

UPnP IGD SOAP Port Mapping Utility

Manage port mappings on UPnP IGD-capable device using the AddPortMapping and DeletePortMapping SOAP requests This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'nokogiri' class MetasploitModule 'UPnP IGD SOAP Por...

Realtek SDK Miniigd UPnP SOAP Command Execution

Different devices using the Realtek SDK with the miniigd daemon are vulnerable to OS command injection in the UPnP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This module has been tested successfully on a Trendnet TEW-731BR...

CVE-2011-4503

The UPnP IGD implementation in Broadcom Linux on the Sitecom WL-111 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability...

Linksys WRT54GXv2 UPnP请求处理漏洞

WRT54GXv2是一款流行的无线宽带路由器。 WRT54GXv2的UPnP功能的实现上存在漏洞，远程攻击者可能利用此漏洞绕过某些安全限制。 如果启用了UPnP的话，WRT54GXv2就会接受发送到WAN接口UPnP请求，攻击者可以通过向设备发送AddPortMapping命令打开任意端口。 Linksys WRT54GX v2 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.linksys.com...

Authentication flaw

Edimax BR-6104K router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter possibly within NewInternalClient, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary...

Authentication flaw

Sitecom WL-153 router firmware before 1.38 allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic...

CVE-2006-2560

Sitecom WL-153 router firmware before 1.38 allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic...

Authentication flaw

ZyXEL P-335WT router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic...

CVE-2006-2561

Edimax BR-6104K router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter possibly within NewInternalClient, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary...

CVE-2006-2562

ZyXEL P-335WT router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic...

CVE-2006-2560

Sitecom WL-153 router firmware before 1.38 allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic...

CVE-2006-2560

The connected sources confirm a vulnerability in Sitecom WL-153 router firmware prior to 1.38. A UPnP request with a modified InternalClient parameter is not validated, allowing remote attackers to bypass access restrictions and perform unauthorized operations, demonstrated via AddPortMapping to ...