Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv2

CVE-2013-0229

Published: 31/01/2013 Updated: 08/10/2015
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 790
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Miniupnp Project

Vulnerability Summary

The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd prior to 1.4 allows remote malicious users to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

miniupnp project miniupnpd

miniupnp project miniupnpd 1.2

miniupnp project miniupnpd 1.1

miniupnp project miniupnpd 1.0

Exploits

Exploit DB: INFOMARK IMW-C920W MiniUPnPd 1.0 - Denial of Service
#!/usr/bin/perl # # miniupnpd/10 remote denial of service exploit # # Copyright 2015 (c) Todor Donev # todordonev@gmailcom # wwwethical-hackerorg/ # wwwfacebookcom/ethicalhackerorg # # The SSDP protocol can discover Plug & Play devices, # with uPnP (Universal Plug and Play) SSDP is HTTP # like protocol and work ...
Exploit DB: MiniUPnP 1.4 - Multiple Denial of Service Vulnerabilities
source: wwwsecurityfocuscom/bid/57602/info MiniUPnP is prone to multiple denial-of-service vulnerabilities Attackers can exploit these issues to cause denial-of-service conditions MiniUPnP versions prior to 14 are vulnerable M-SEARCH * HTTP/11 Host:239255255250:1900 ST:uuid:schemas:device:MX:3< no CRLF > ...
Exploit DB: Lupusec XT1 1.0.80 XSS / CSRF / DoS / Insecure Transit
Lupusec XT1 alarm system version 1080 suffers from cross site request forgery, cross site scripting, insecure transit, and denial of service vulnerabilities ...
Exploit DB: MiniUPNPd 1.0 Remote Denial Of Service
MiniUPNPd version 10 remote denial of service exploit ...

Github Repositories

https://github.com/lochiiconnectivity/vulnupnp

Discover uPNP devices vulnerable to CVE-2013-0229 / CVE-2013-0230 / CVE-2012-5958 / CVE-2012-5959

vulnupnp Discover uPNP devices vulnerable to CVE-2013-0229 / CVE-2013-0230 / CVE-2012-5958 / CVE-2012-5959

References

NVD-CWE-noinfohttps://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-playhttps://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdfhttps://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFbhttps://nvd.nist.govhttps://github.com/lochiiconnectivity/vulnupnphttps://www.exploit-db.com/exploits/37517/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook