Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-0229 — Project Miniupnpd vulnerability

16 documents8 sources

Severity

7.8HIGHNVD

EPSS

74.3%

top 1.15%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Miniupnp Project Miniupnpd Debian Miniupnpd

Timeline

PublishedJan 31

Latest updateMay 5

Description

The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

▶NVDminiupnp_project/miniupnpd1.3+3

▶debiandebian/miniupnpd

🔴Vulnerability Details

GHSA

GHSA-fpc9-5224-c3xx: The ProcessSSDPRequest function in minissdp↗2022-05-05

▶

VulnCheck

MiniUPnPd before 1.4 ProcessSSDPRequest Denial of Service↗2013

▶

💥Exploits & PoCs

Exploit-DB

INFOMARK IMW-C920W MiniUPnPd 1.0 - Denial of Service↗2015-07-07

▶

Exploit-DB

MiniUPnP 1.4 - Multiple Denial of Service Vulnerabilities↗2012-01-28

▶

Metasploit

MiniUPnPd 1.4 Denial of Service (DoS) Exploit↗

▶

Metasploit

UPnP SSDP M-SEARCH Information Discovery↗

▶

🔍Detection Rules

Suricata

ET INFO UPnP Discovery Search Response - CVE-2012-5958 and CVE-2012-5959 Vulnerable UPnP device M1↗2013-01-30

▶

📋Vendor Advisories

Debian

CVE-2013-0229: miniupnpd - The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP Mi...↗2013

▶

🕵️Threat Intelligence

Trendmicro

UPnP-enabled Home Devices and Vulnerabilities↗2019-03-06

▶

Trendmicro

UPnP-enabled Home Devices and Vulnerabilities↗2019-03-06

▶

Trendmicro

UPnP-enabled Home Devices and Vulnerabilities↗2019-03-06

▶

Trendmicro

UPnP-enabled Home Devices and Vulnerabilities↗2019-03-06

▶

Trendmicro

VPNFilter-affected Devices Still Riddled with 19 Bugs↗2018-07-13

▶