CVE-2013-0229
Published 2013-01-31
Priority: P269 high · 7.8 (CVSS 2.0) · AV:N/AC:L/Au:N/C:N/I:N/A:C
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 76.40% (99.5th percentile)
The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | miniupnpd | — | — |
| miniupnp_project | miniupnpd | <= 1.3 | — |
| miniupnp_project | miniupnpd | — | — |
| miniupnp_project | miniupnpd | — | — |
| miniupnp_project | miniupnpd | — | — |
Detection & IOCs
snort
alert udp $HOME_NET 1900 -> any any (msg:"ET INFO UPnP Discovery Search Response - CVE-2012-5958 and CVE-2012-5959 Vulnerable UPnP device M1"; content:"miniupnpd/1."; fast_pattern; pcre:"/^Server\x3a[^\r\n]*miniupnpd\/1\.[0-3]/mi"; reference:url,community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play; reference:url,upnp.org/specs/arch/UPnP-arch-DeviceArchitecture-v1.1.pdf; reference:cve,2013-0229; classtype:bad-unknown; sid:2016302; rev:7; metadata:created_at 2013_01_30, cve CVE_2013_0229, deployment Perimeter, confidence High, signature_severity Minor, updated_at 2023_05_02; target:src_ip;)
- Detect vulnerable MiniUPnPd versions (1.0–1.3) by matching the Server header in UDP/1900 SSDP responses using the regex pattern /^Server\x3a[^\r\n]*miniupnpd\/1\.[0-3]/mi
- Exploit traffic arrives as a crafted UDP packet to port 1900 beginning with 'M-SEARCH * HTTP/1.1' followed by an oversized payload (1260+ random bytes) designed to trigger a buffer over-read in ProcessSSDPRequest
- The crafted M-SEARCH request uses a malformed ST header (ST:uuid:schemas:device:MX:3) to trigger the vulnerability; monitor for anomalous ST field values in SSDP M-SEARCH requests on UDP/1900
- Source port 31337 is used in the exploit's raw UDP packet construction and can serve as an additional detection signal alongside destination port 1900
- The Snort/ET rule (sid:2016302) fires on SSDP *responses* from internal hosts (HOME_NET:1900 -> any), not on inbound exploit requests; it identifies vulnerable devices rather than active exploitation attempts
- The Metasploit module targets MiniUPnPd 1.0 specifically via crafted UDP, while the CVE covers all versions before 1.4; detection should account for the full vulnerable version range (1.0–1.3)
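The detection notes above, as an added example (not part of the original page or of the ET rule set): a passive classifier for captured UDP/1900 payloads that parses the advertised MiniUPnPd version numerically instead of by character class, and checks inbound M-SEARCH requests for the size and ST anomalies listed. The function names, the constructed sample datagrams, and applying the 1260-byte figure to the whole datagram are assumptions.

```python
import re

# Server product token, e.g. "miniupnpd/1.3"; case-insensitive like the rule's /mi flags.
_SERVER = re.compile(rb"^Server:[^\r\n]*?miniupnpd/(\d+)\.(\d+)", re.I | re.M)
# Search-target forms defined for M-SEARCH by UPnP Device Architecture 1.1.
_VALID_ST = re.compile(
    r"^(ssdp:all|upnp:rootdevice|uuid:[0-9A-Za-z-]+|"
    r"urn:[^:\s]+:(device|service):[^:\s]+:\d+)$")
FIXED = (1, 4)       # page: "MiniUPnPd before 1.4"
MAX_MSEARCH = 1260   # size figure from the notes, applied here to the whole datagram


def vulnerable_miniupnpd(response: bytes):
    """Return (major, minor) if an SSDP response advertises MiniUPnPd < 1.4, else None."""
    m = _SERVER.search(response)
    if not m:
        return None
    version = (int(m.group(1)), int(m.group(2)))
    return version if version < FIXED else None


def msearch_anomalies(datagram: bytes):
    """Return the reasons an inbound UDP/1900 M-SEARCH looks abnormal (empty if none)."""
    if not datagram.startswith(b"M-SEARCH * HTTP/1.1"):
        return []
    reasons = ["oversized"] if len(datagram) >= MAX_MSEARCH else []
    headers = {}
    for line in datagram.splitlines()[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower()] = value.strip().decode("latin-1")
    st = headers.get(b"st")
    if st is None:
        reasons.append("missing ST")
    elif not _VALID_ST.match(st):
        reasons.append("malformed ST")
    return reasons


# Constructed sample response; the request reuses the header lines quoted on this page.
RESPONSE = (b"HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\n"
            b"SERVER: Linux/2.6.30 UPnP/1.0 miniupnpd/1.3\r\n\r\n")
REQUEST = (b"M-SEARCH * HTTP/1.1\r\nHost:239.255.255.250:1900\r\n"
           b"ST:uuid:schemas:device:MX:3\r\n\r\n")

if __name__ == "__main__":
    print(vulnerable_miniupnpd(RESPONSE))
    print(msearch_anomalies(REQUEST))
```

The response check inventories vulnerable devices, as sid:2016302 does; the request check is the part that looks at inbound traffic.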
CVSS provenance
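| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
| vulncheck | — | 7.8 | HIGH | — |
| vendor_debian | — | 7.8 | LOW | — |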
GHSA
GHSA-fpc9-5224-c3xx: The ProcessSSDPRequest function in minissdp
ghsa_unreviewed·2022-05-05
CVE-2013-0229 [HIGH] GHSA-fpc9-5224-c3xx: The ProcessSSDPRequest function in minissdp
VulnCheck
MiniUPnPd before 1.4 ProcessSSDPRequest Denial of Service
vulncheck·2013·CVSS 7.8
CVE-2013-0229 [HIGH] MiniUPnPd before 1.4 ProcessSSDPRequest Denial of Service
Affected: miniupnp_project miniupnpd
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.trendmicro.com/en_us/research/18/g/vpnfilter-affected-devices-still-riddled-with-19-vulnerabilities.html; https://www.researchgate.net/publication/348602660_An_analysis_of_the_use_of_CVEs_by_IoT_malware
Debian
CVE-2013-0229: miniupnpd - The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP Mi...
vendor_debian·2013·CVSS 7.8
CVE-2013-0229 [HIGH] CVE-2013-0229: miniupnpd - The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP Mi...
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
Suricata
ET INFO UPnP Discovery Search Response - CVE-2012-5958 and CVE-2012-5959 Vulnerable UPnP device M1
suricata·2013-01-30·CVSS 10.0
CVE-2013-0229 [CRITICAL] ET INFO UPnP Discovery Search Response - CVE-2012-5958 and CVE-2012-5959 Vulnerable UPnP device M1
Rule: alert udp $HOME_NET 1900 -> any any (msg:"ET INFO UPnP Discovery Search Response - CVE-2012-5958 and CVE-2012-5959 Vulnerable UPnP device M1"; content:"miniupnpd/1."; fast_pattern; pcre:"/^Server\x3a[^\r\n]*miniupnpd\/1\.[0-3]/mi"; reference:url,community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play; reference:url,upnp.org/specs/arch/UPnP-arch-DeviceArchitecture-v1.1.pdf; reference:cve,2013-0229; classtype:bad-unknown; sid:2016302; rev:7; metadata:created_at 2013_01_30, cve CVE_2013_0229, deployment Perimeter, confidence High, signature_severity Minor, updated_at 2023_05_02; target:src_ip;)
Exploit-DB
INFOMARK IMW-C920W MiniUPnPd 1.0 - Denial of Service
exploitdb·2015-07-07·CVSS 7.8
CVE-2013-0230 [HIGH] INFOMARK IMW-C920W MiniUPnPd 1.0 - Denial of Service
---
#!/usr/bin/perl
#
# miniupnpd/1.0 remote denial of service exploit
#
# Copyright 2015 (c) Todor Donev
# [email protected]
# http://www.ethical-hacker.org/
# https://www.facebook.com/ethicalhackerorg
#
# The SSDP protocol can discover Plug & Play devices,
# with uPnP (Universal Plug and Play). SSDP is HTTP
# like protocol and work with NOTIFY and M-SEARCH
# methods.
#
# See also:
# CVE-2013-0229
# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0229
# CVE-2013-0230
# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0230
#
# Tested on
# Device Name : IMW-C920W
# Device Manufacturer : INFOMARK (http://infomark.co.kr)
#
# These devices are commonly used by Max Telecom, Bulgaria
#
# Disclaimer:
# This or previous progra
Exploit-DB
MiniUPnP 1.4 - Multiple Denial of Service Vulnerabilities
exploitdb·2012-01-28
CVE-2013-0229 MiniUPnP 1.4 - Multiple Denial of Service Vulnerabilities
---
source: https://www.securityfocus.com/bid/57602/info
MiniUPnP is prone to multiple denial-of-service vulnerabilities.
Attackers can exploit these issues to cause denial-of-service conditions.
MiniUPnP versions prior to 1.4 are vulnerable.
M-SEARCH * HTTP/1.1
Host:239.255.255.250:1900
ST:uuid:schemas:device:MX:3
Metasploit
MiniUPnPd 1.4 Denial of Service (DoS) Exploit
metasploit
This module allows remote attackers to cause a denial of service (DoS) in MiniUPnP 1.0 server via a specifically crafted UDP request.
Metasploit
UPnP SSDP M-SEARCH Information Discovery
metasploit
Discover information from UPnP-enabled systems
Trendmicro
UPnP-enabled Home Devices and Vulnerabilities
blogs_trendmicro·2019-03-06
UPnP convenience comes security holes that range from attackers gaining control of devices to bypassing firewall protections. We looked into UPnP-related events in home networks and found that many users still have UPnP enabled in their devices.
By: Tony Yang
Mar 06, 2019
Earlier this year, users of Chromecast streaming dongles, Google Home devices, and smart TVs were inundated with a message promoting YouTuber PewDiePie’s channel. The hijacking is said to be part of an ongoing subscriber count battle on the video sharing site. The hackers behind it reportedly took advantage of poorly configured routers that had the Universal Plug and Play (UPnP) service enabled, which caused the routers to forward publ
Trendmicro
VPNFilter-affected Devices Still Riddled with 19 Bugs
blogs_trendmicro·2018-07-13
IoT
This blog tackles the VPNFilter malware and if deployed devices are vulnerable to it. Based on our data, plenty of the devices are still using old firmware versions. In fact, 19 known vulnerabilities can still be detected in devices up to this day.
By: Tony Yang, Peter Lee
Jul 13, 2018
Our IoT scanning tool allows users to identify if connected devices (e.g. routers, network attached storage devices, IP cameras, and printers) in a given network are vulnerable to security risks and vulnerabilities, such as those related to Mirai, Reaper, and WannaCry.
We gather our data from the Trend Micro™ Home Network Security solution and HouseCall™ for Home Networks scanner. HouseCall for Home Networks
https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf
https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb