Published: 03/01/2018 Updated: 30/05/2019

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an malicious user to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact

Vulnerable Product	Search on Vulmon	Subscribe to Product
miniupnp project miniupnpd

Debian Bug report logs - #887129 miniupnpd: CVE-2017-1000494 Package: src:miniupnpd; Maintainer for src:miniupnpd is Thomas Goirand <zigo@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 14 Jan 2018 09:27:04 UTC Severity: important Tags: security, upstream Found in version miniupnpd/18 ...

MiniUPnP could be made to crash or run programs if it received specially crafted network traffic ...

Router Netgear AC1000 Analysis Basic Access The usual interaction with the router is done through the web portal at wwwrouterlogincom By going to the url wwwrouterlogincom/setupcgi?todo=debug it will open a telnet service on port 23 to connect to Logging in with the same login as the routerlogin gives shell access to the router Some vulnerable processes running on the ro

CWE-119 https://github.com/miniupnp/miniupnp/issues/268 https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a https://usn.ubuntu.com/3562-1/https://lists.debian.org/debian-lts-announce/2019/05/msg00045.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887129 https://usn.ubuntu.com/3562-1/https://nvd.nist.gov

CVE-2017-1000494

Vulnerability Summary

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect