
Authorization Bypass

Description

hostapd is vulnerable to authorization bypass. The vulnerability exists because the Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
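
One way a UPnP device could enforce the missing restriction, shown as an added example that is not code from hostapd, minidlna, gssdp or gupnp: an initial SUBSCRIBE is accepted only when every delivery URL in its CALLBACK header is a literal IP address on the network of the interface that received the request. The function names, the `receiving_interface` parameter, the refusal of hostname callbacks and the sample headers are assumptions made for this example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# A SUBSCRIBE request lists its delivery URL(s) in angle brackets in CALLBACK.
_DELIVERY_URL = re.compile(r"<([^<>]+)>")


def delivery_url_allowed(url, local_network):
    """True only for an http:// URL whose host is a literal IP in local_network."""
    try:
        parts = urlsplit(url)
        host = ipaddress.ip_address(parts.hostname or "")
    except ValueError:
        # Malformed URL or a DNS name. This example refuses names rather than
        # resolving them (an assumption, chosen to keep the check unambiguous).
        return False
    return parts.scheme.lower() == "http" and host in local_network


def accept_subscription(headers, receiving_interface):
    """Decide whether an initial SUBSCRIBE may be accepted.

    receiving_interface is the address/prefix of the interface the request
    arrived on, e.g. "192.168.1.1/24" (hypothetical parameter).
    """
    network = ipaddress.ip_interface(receiving_interface).network
    callback = {k.upper(): v for k, v in headers.items()}.get("CALLBACK", "")
    urls = _DELIVERY_URL.findall(callback)
    # Every listed delivery URL must pass; one off-segment URL rejects the lot.
    return bool(urls) and all(delivery_url_allowed(u, network) for u in urls)


# Constructed sample requests (not captured traffic).
SAME_SEGMENT = {"CALLBACK": "<http://192.168.1.50:4444/evt>"}
OTHER_SEGMENT = {"Callback": "<http://203.0.113.7:80/evt>"}
MIXED = {"CALLBACK": "<http://192.168.1.50/evt><http://198.51.100.9/evt>"}

if __name__ == "__main__":
    for name, req in [("same", SAME_SEGMENT), ("other", OTHER_SEGMENT), ("mixed", MIXED)]:
        print(name, accept_subscription(req, "192.168.1.1/24"))
```

Subscription renewals, which carry a SID instead of a CALLBACK header, are outside what this check covers.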


Affected Software


CPE Name Name Version
hostapd:3.12 2.9-r1
hostapd:3.10 2.8-r2
hostapd:3.11 2.9-r1
hostapd 2.7-r5
minidlna:buster 1.2.1+dfsg-1+b2
minidlna:buster 1.2.1+dfsg-1+b1
minidlna:3.12 1.2.1-r1
minidlna:sid 1.2.1+dfsg-2
minidlna:bullseye 1.2.1+dfsg-2
minidlna:focal 1.2.1+dfsg-1build1
minidlna:edge 1.2.1-r1
hostapd:edge 2.9-r1
gssdp 1.0.2__6.el8
gupnp 1.0.3__2.el8
