46 matches found
Astra Linux – Vulnerability in wpa, pupnp-1.8
The Open Connectivity Foundation’s UPnP specification prior to April 17, 2020, does not prohibit the acceptance of a subscription request with a delivery URL located in a different network segment than the fully qualified event-subscription URL. This is known as the “CallStranger” issue...
EPSON Printers Incorrect Default Permissions (CVE-2020-12695)
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. This plugin only works with Tenable.ot...
Exploit for Incorrect Default Permissions in Ui Unifi_Controller
CallStranger This script created by Yunus Çadırcı https://twitter.com/yunuscadirci to check against CallStranger CVE-2020-12695 vulnerability. An attacker can use this vulnerability for: Bypassing DLP for exfiltrating data Using millions of Internet-facing UPnP device as source of amplified...
Linux Distros Unpatched Vulnerability : CVE-2020-12695
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a differen...
Dell UPnP SUBSCRIBE function Incorrect Default Permissions (CVE-2020-12695)
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. This plugin only works with Tenable.ot...
Rocky Linux 8 : gssdp and gupnp (RLSA-2021:1789)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:1789 advisory. - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a differe...
SUSE CVE-2020-12695
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue...
OESA-2022-1768 gupnp security update
GUPnP is an elegant, object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible. It provides the same set of features as libupnp,but shields the developer from most...
NewStart CGSL MAIN 6.02 : gupnp Multiple Vulnerabilities (NS-SA-2022-0060)
The remote NewStart CGSL host, running version MAIN 6.02, has gupnp packages installed that are affected by multiple vulnerabilities: - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different...
NewStart CGSL MAIN 6.02 : gssdp Vulnerability (NS-SA-2022-0065)
The remote NewStart CGSL host, running version MAIN 6.02, has gssdp packages installed that are affected by a vulnerability: - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network...
AlmaLinux 8 : gssdp and gupnp (ALSA-2021:1789)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2021:1789 advisory. - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different...
Mageia: Security Advisory (MGASA-2020-0304)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Slackware Linux 14.0 / 14.1 / 14.2 / current wpa_supplicant Multiple Vulnerabilities (SSA:2021-362-01)
The version of wpasupplicant installed on the remote host is prior to 2.9. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2021-362-01 advisory. - hostapd before 2.10 and wpasupplicant before 2.10 allow an incorrect indication of disconnection in certain situations...
Oracle Linux 8 : gssdp / and / gupnp (ELSA-2021-1789)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-1789 advisory. gssdp 1.0.5-1 + gssdp-1.0.5-1 - Update to 1.0.5 - Fix SUBSCRIBE misbehaviour - Resolves: 1861928 gupnp 1.0.6-1 + gupnp-1.0.6-1 - Update to 1.0.6 - Fix SUBSCRIBE...
hostapd: UPnP SUBSCRIBE misbehavior in WPS AP
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue...
EulerOS 2.0 SP2 : wpa_supplicant (EulerOS-SA-2021-1372)
According to the version of the wpasupplicant package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a deliver...
Huawei EulerOS: Security Advisory for wpa_supplicant (EulerOS-SA-2021-1372)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP3 : wpa_supplicant (EulerOS-SA-2021-1131)
According to the version of the wpasupplicant package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a deliver...
Updated minidlna packages fix security vulnerabilities
It was discovered that minidlna does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue CVE-2020-12695. Minidlna before versions 1.3.0 allows remote code execution...
Debian DLA-2489-1 : minidlna security update
It was discovered that missing input validation in minidlna, a lightweight DLNA/UPnP-AV server could result in the execution of arbitrary code. In addition minidlna was susceptible to the 'CallStranger' UPnP vulnerability. For Debian 9 stretch, these problems have been fixed in version...