CVE-2013-0230
CVE-2013-0230
Vexday Risk Score
72High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 69.2%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Lifecycle
31 Jan 2013Published on NVD
27 Mar 2013Metasploit module available
05 Jun 2013Public PoC
Weaponization speed
124 daysto first PoC
54 daysto Metasploit module
Recommendation: Patch as soon as possible — active exploitation confirmed.
Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method.
Affected products
n/a · n/apublic PoCs found — 4
cve_referencewww.exploit-db.com/exploits/36839/unverifiedexploitdbwww.exploit-db.com/exploits/37517unverifiedexploitdbwww.exploit-db.com/exploits/25975unverifiedexploitdbwww.exploit-db.com/exploits/36839unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-playhttps://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdfhttps://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFbhttps://www.exploit-db.com/exploits/36839/http://www.securityfocus.com/bid/57608