CVE-2013-0229
82Vexday Risk Score
Patch now. It exploitation observed by VulnCheck and has a working public exploit.
ssvc Actepss 76%
from disclosure to weapon0 days
Published on NVDJan 31
1st PoCJan 28
metasploit+55d
VulnCheck+1989d
exploitation probability
76%top 1% of all CVEs
observed exploitation
yesVulnCheck
3 public exploit(s)
The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read.
Affected products
n/a · n/apublic PoCs found — 3
githubgithub.com/lochiiconnectivity/vulnupnp★ 1exploitdbwww.exploit-db.com/exploits/37517unverifiedexploitdbwww.exploit-db.com/exploits/38249unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-playhttps://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdfhttps://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb