CVE-2016-6255

Published: 07/03/2017 Updated: 03/11/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

Portable UPnP SDK (aka libupnp) prior to 1.6.21 allows remote malicious users to write to arbitrary files in the webroot via a POST request without a registered handler.

Vulnerable Product

debian debian linux 8.0

libupnp project libupnp

Vendor Advisories

Debian Bug report logs - #831857
libupnp: CVE-2016-6255: write files via POST
Package: src:libupnp; Maintainer for src:libupnp is Nick Leverton <nick@leverton.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 20 Jul 2016 09:06:02 UTC
Severity: grave
Tags: buster, jessie, patch, security, sid, str ...

Debian Bug report logs - #842093
libupnp: CVE-2016-8863
Package: src:libupnp; Maintainer for src:libupnp is Nick Leverton <nick@leverton.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 25 Oct 2016 20:30:02 UTC
Severity: grave
Tags: fixed-upstream, patch, security, upstream
Found in version lib ...

Two vulnerabilities were discovered in libupnp, a portable SDK for UPnP devices.
CVE-2016-6255: Matthew Garrett discovered that libupnp by default allows any user to write to the filesystem of the host running a libupnp-based server application.
CVE-2016-8863: Scott Tenaglia discovered a heap buffer overflow vulnerability, that can lead to ...

Exploits

# Exploit Title: MiCasa VeraLite Remote Code Execution
# Date: 10-20-2016
# Software Link: getvera.com/controllers/veralite/
# Exploit Author: Jacob Baines
# Contact: twitter.com/Junior_Baines
# CVE: CVE-2013-4863 & CVE-2016-6255
# Platform: Hardware
1. Description
A remote attacker can execute code on the MiCasa VeraLite if so ...

MiCasa VeraLite suffers from a remote code execution vulnerability ...

Github Repositories

A proof of concept exploit against the Veralite

runluahtml

Overview: runluahtml, when loaded in a browser, will attempt to get a reverse shell on a VeraLite device on the client's network. This is achieved using a combination of CVE-2013-4863, CVE-2016-6255, and WebRTC IP leak. The full attack follows these steps: Acquire the client's internal IP address using WebRTC. We then assume the client is operating on a /