Published: 08/06/2020 Updated: 08/04/2024

CVSS v2 Base Score: 7.8 | Impact Score: 7.8 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.5 | Impact Score: 4.7 | Exploitability Score: 2.2

VMScore: 696

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:C

The Open Connectivity Foundation UPnP specification prior to 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ui unifi controller -
w1.fi hostapd
asus rt-n11 -
broadcom adsl -
canon selphy cp1200 -
cisco wap150 -
cisco wap351 -
cisco wap131 -
dlink dvg-n5412sp -
dell b1165nfw -
epson ew-m970a3t -
epson ep-101 -
epson xp-8500 -
epson xp-702 -
epson xp-340 -
epson xp-620 -
epson xp-320 -
epson xp-960 -
epson xp-2101 -
epson xp-330 -
epson xp-2105 -
epson xp-100 -
epson xp-630 -
epson xp-8600 -
epson xp-4105 -
epson xp-241 -
epson xp-4100 -
epson xp-970 -
epson xp-440 -
epson m571t -
hp envy 5000 m2u85a -
hp envy 5000 m2u85b -
hp envy 5000 m2u91a -
hp envy 5000 m2u94b -
hp envy 5000 z4a54a -
hp envy 5000 z4a74a -
hp envy photo 6200 k7g18a -
hp envy photo 6200 k7g26b -
hp envy photo 6200 k7s21b -
hp envy photo 6200 y0k13d -
hp envy photo 6200 y0k15a -
hp envy photo 7100 3xd89a -
hp envy photo 7100 k7g93a -
hp envy photo 7100 k7g99a -
hp envy photo 7100 z3m37a -
hp envy photo 7100 z3m52a -
hp envy photo 7800 k7r96a -
hp envy photo 7800 k7s00a -
hp envy photo 7800 k7s10d -
hp envy photo 7800 y0g42d -
hp envy photo 7800 y0g52b -
hp envy 5020 m2u91b -
hp envy 114 cq811a -
hp envy 114 cq811b -
hp envy 114 cq812a -
hp envy 111 cq810a -
hp envy 110 cq809c -
hp envy 110 cq809a -
hp envy 110 cq809b -
hp envy 110 cq809d -
hp envy 110 cq812c -
hp envy 100 cn517a -
hp envy 100 cn517b -
hp envy 100 cn517c -
hp envy 100 cn518a -
hp envy 100 cn519a -
hp envy 100 cn519b -
hp envy 5000 m2u91a
hp envy pro 6420 5se45b -
hp envy pro 6420 5se46a -
hp envy pro 6420 6wd14a -
hp envy pro 6420 6wd16a -
hp envy pro 6452 5se47a -
hp envy pro 6455 5se45a -
hp 5020 z4a69a -
hp 5030 m2u92b -
hp 5030 z4a70a -
hp 5034 z4a74a -
hp 5660 f8b04a -
hp envy 5665 f8b06a -
hp envy 5664 f8b08a -
hp envy 7640 -
hp envy 7644 e4w46a -
hp envy 7645 e4w44a -
hp envy 5640 b9s56a -
hp envy 5640 b9s58a -
hp envy 6540 b9s59a -
hp envy 5642 b9s64a -
hp envy 5643 b9s63a -
hp envy 5644 b9s65a -
hp envy 5646 f8b05a -
hp envy 5540 f2e72a -
hp envy 5540 g0v47a -
hp envy 5540 g0v52a -
hp envy 5540 g0v51a -
hp envy 5540 g0v53a -
hp envy 5540 k7c85a -
hp envy 5541 k7g89a -
hp envy 5542 k7c88a -
hp envy 5543 n9u88a -
hp envy 5544 k7c89a -
hp envy 5544 k7c93a -
hp envy 5545 g0v50a -
hp envy 5546 k7c90a -
hp envy 5547 j6u64a -
hp envy 5548 k7g87a -
hp deskjet ink advantage 5575 g0v48b -
hp deskjet ink advantage 5575 g0v48c -
hp deskjet ink advantage 4535 f0v64a -
hp deskjet ink advantage 4535 f0v64b -
hp deskjet ink advantage 4535 f0v64c -
hp deskjet ink advantage 4536 f0v65a -
hp deskjet ink advantage 4538 f0v66b -
hp deskjet ink advantage 4675 f1h97a -
hp deskjet ink advantage 4675 f1h97b -
hp deskjet ink advantage 4675 f1h97c -
hp deskjet ink advantage 4676 f1h98a -
hp deskjet ink advantage 4678 f1h99b -
hp envy 4511 k9h50a -
hp envy 4512 k9h49a -
hp envy 4513 k9h51a -
hp envy 4516 k9h52a -
hp envy 4520 e6g67a -
hp envy 4520 e6g67b -
hp envy 4520 f0v63a -
hp envy 4520 f0v63b -
hp envy 4520 f0v69a -
hp envy 4521 k9t10b -
hp envy 4522 f0v67a -
hp envy 4523 j6u60b -
hp envy 4524 f0v71b -
hp envy 4524 f0v72b -
hp envy 4524 k9t01a -
hp envy 4525 k9t09b -
hp envy 4526 k9t05b -
hp envy 4527 j6u61b -
hp envy 4528 k9t08b -
hp officejet 4650 e6g87a -
hp officejet 4650 f1h96a -
hp officejet 4650 f1h96b -
hp officejet 4652 f1j02a -
hp officejet 4652 k9v84b -
hp officejet 4652 f1j05b -
hp officejet 4654 f1j07b -
hp officejet 4654 f1j06b -
hp officejet 4655 f1j00a -
hp officejet 4655 k9v79a -
hp officejet 4655 k9v82b -
hp officejet 4656 k9v81b -
hp officejet 4657 v6d29b -
hp officejet 4658 v6d30b -
hp envy 5530 -
hp envy 5536 -
hp envy 5531 -
hp envy 5539 -
hp envy 5532 -
hp deskjet ink advantage 4515 -
hp envy 5534 -
hp deskjet ink advantage 4518 -
hp envy 5535 -
hp deskjet ink advantage 3545 a9t81a -
hp deskjet ink advantage 3545 a9t81c -
hp deskjet ink advantage 3545 a9t83b -
hp deskjet ink advantage 3546 a9t82a -
hp deskjet ink advantage 3456 a9t84c -
hp deskjet ink advantage 3548 a9t81b -
hp envy 4509 d3p94a -
hp envy 4509 d3p94b -
hp envy 4501 c8d05a -
hp envy 4502 a9t85a -
hp envy 4502 a9t87b -
hp envy 4503 e6g71b -
hp envy 4504 a9t88b -
hp envy 4504 c8d04a -
hp envy 4505 a9t86a -
hp envy 4507 e6g70b -
hp envy 4508 e6g72b -
hp envy 4500 a9t80a -
hp envy 4500 a9t80b -
hp envy 4500 a9t89a -
hp envy 4500 d3p93a -
hp envy 120 cz022a -
hp envy 120 cz022b -
hp envy 120 cz022c -
hp envy photo 6220 k7g20d -
hp envy photo 6220 k7g21b -
hp envy photo 6230 k7g25b -
hp envy photo 6232 k7g26b -
hp envy photo 6234 k7s21b -
hp envy photo 6252 k7g22a -
hp envy photo 6222 y0k13d -
hp envy photo 6222 y0k14d -
hp envy photo 7830 y0g50b -
hp envy photo 7822 y0g42d -
hp envy photo 7822 y0g43d -
hp envy photo 7120 z3m41d -
hp envy photo 7155 z3m52a -
hp envy photo 7164 k7g99a -
hp envy 6020 5se16b -
hp envy 6020 5se17a -
hp envy 6020 6wd35a -
hp envy 6020 7cz37a -
hp envy 6052 5se18a -
hp envy 6055 5se16a -
huawei hg532e -
huawei hg255s -
nec wr8165n -
netgear wnhde111 -
ruckussecurity zonedirector 1200 -
tp-link archer c50 -
zte zxv10 w300 -
zyxel vmg8324-b10a -
zyxel amg1202-t10b -
microsoft windows 10 -
microsoft xbox one 10.0.19041.2494
fedoraproject fedora 31
fedoraproject fedora 32
debian debian linux 9.0
debian debian linux 10.0
canonical ubuntu linux 20.04

Debian Bug report logs - #976106 wpa: CVE-2020-12695 Package: src:wpa; Maintainer for src:wpa is Debian wpasupplicant Maintainers <wpa@packagesdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 29 Nov 2020 19:39:04 UTC Severity: important Tags: security, upstream Found in version wpa/2:2 ...

It was discovered that missing input validation in minidlna, a lightweight DLNA/UPnP-AV server could result in the execution of arbitrary code In addition minidlna was susceptible to the CallStranger UPnP vulnerability For the stable distribution (buster), these problems have been fixed in version 121+dfsg-2+deb10u1 We recommend that you upgra ...

Several vulnerabilities have been discovered in wpa_supplicant and hostapd CVE-2020-12695 It was discovered that hostapd does not properly handle UPnP subscribe messages under certain conditions, allowing an attacker to cause a denial of service CVE-2021-0326 It was discovered that wpa_supplicant does not properly process P2P ...

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue This issue could allow a device connected to the local network (ie, a device that has been au ...

oss-sec mailing list archives   By Date By Thread </form>    hostapd: UPnP SUBSCRIBE misbehavior in hostapd WPS AP   From: Jouni Malin ...

To complie asuswrt for Tenda AC9 Router

asuswrt-for-Tenda-AC9-Router To complie asuswrt for Tenda AC9 Router dlcdnetsasuscom/pub/ASUS/wireless/RT-AC1200G+/GPL_RT_AC1200GPlus_300438252272zip Version 300438252272 2020/07/23 69179 MBytes 安全性修正修正 CVE-2020-12695 (CallStranger) 修正 Reflected XSS 漏洞修正 Directory traversal 漏洞修正 CVE-2017-15653 由於增強伺服器安全�

Usage generate a new repository from this template trigger github action Inspiration maguowei/starred: creating your own Awesome List by GitHub stars! Contents Android APP Utility Docker Font GFW GitHub Java Web RESTful Linux GUI Desktop Environment Gnome Extension Theme Windows Manager Utility Operating System HarmonyOS Other Python Utility And

Zeek Plugin that detects CallStranger (CVE-2020-12695) attempts (http://callstranger.com/)

Zeek Package that detects CallStranger (CVE-2020-12695) attempts (callstrangercom/) This package attempts to detect CallStranger (CVE-2020-12695) exploitation attempts and data exfiltration It does so by looking for three key things: UPnP SUBSCRIBE commands with a Notify URL that contains an IP address that isn't an RFC1918 or local_nets address This could be th

A collection of zeek detection scripts

Bro/Zeek Detection Script Collection A collection of bro/zeek detection scripts This is just a list Detection of techniques Mitre BZAR Detection of Long Connections Ransomware Filenames PingBack Cryptomining Detection of Vulnerabilities CVE-2020-0601 0xxon CVE-2020-1472 - Zerologon Corelight CVE-2020-12695 - CallStranger Corelight CVE-2020-13777 0xxon Threat I

details about DIAL protocol vulnerabilities

DIALStranger What is DIAL? Discovery and Launch (DIAL) is a protocol co-developed by Netflix and YouTube with help from Sony and Samsung It is used for videos to be played on TVs and other devices easily wwwdial-multiscreenorg/dial-protocol-specification What is vulnerability? This is a research from 2019 I found protocol doesn't cover some basic security feat

Vulnerability checker for Callstranger (CVE-2020-12695)

CallStranger This script created by Yunus Çadırcı (twittercom/yunuscadirci) to check against CallStranger (CVE-2020-12695) vulnerability An attacker can use this vulnerability for: Bypassing DLP for exfiltrating data Using millions of Internet-facing UPnP device as source of amplified reflected TCP DDoS / SYN Flood Scanning internal ports from Internet facin

CWE-276 https://www.callstranger.com https://www.kb.cert.org/vuls/id/339275 http://www.openwall.com/lists/oss-security/2020/06/08/2 https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of https://github.com/yunuscadirci/CallStranger http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html https://github.com/corelight/callstranger-detector https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html https://usn.ubuntu.com/4494-1/https://www.debian.org/security/2020/dsa-4806 https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html https://www.debian.org/security/2021/dsa-4898 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976106 https://nvd.nist.gov https://github.com/aoeII/asuswrt-for-Tenda-AC9-Router https://www.debian.org/security/2020/dsa-4806

Get Started

CVE-2020-12695

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Mailing Lists

Github Repositories

References

Vulmon Search

About

Products

Connect