CVE-2013-0229 - Denial of Service vulnerability in MiniUPnP
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | COMPLETE |
Summary
The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 18 |
Exploit-Db
description | INFOMARK IMW-C920W miniupnpd 1.0 - Denial of Service. CVE-2013-0229,CVE-2013-0230. Dos exploit for hardware platform |
id | EDB-ID:37517 |
last seen | 2016-02-04 |
modified | 2015-07-07 |
published | 2015-07-07 |
reporter | Todor Donev |
source | https://www.exploit-db.com/download/37517/ |
title | INFOMARK IMW-C920W miniupnpd 1.0 - Denial of Service |

description | MiniUPnP Multiple Denial of Service Vulnerabilities. CVE-2013-0229. Dos exploits for multiple platform |
id | EDB-ID:38249 |
last seen | 2016-02-04 |
modified | 2012-01-28 |
published | 2012-01-28 |
reporter | Rapid7 |
source | https://www.exploit-db.com/download/38249/ |
title | MiniUPnP Multiple Denial of Service Vulnerabilities |
Metasploit
description | This module allows remote attackers to cause a denial of service (DoS) in MiniUPnP 1.0 server via a specifically crafted UDP request. |
id | MSF:AUXILIARY/DOS/UPNP/MINIUPNPD_DOS |
last seen | 2020-06-04 |
modified | 2017-07-24 |
published | 2013-06-03 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/upnp/miniupnpd_dos.rb |
title | MiniUPnPd 1.4 Denial of Service (DoS) Exploit |

description | Discover information from UPnP-enabled systems |
id | MSF:AUXILIARY/SCANNER/UPNP/SSDP_MSEARCH |
last seen | 2019-12-17 |
modified | 2017-07-24 |
published | 2010-11-09 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/upnp/ssdp_msearch.rb |
title | UPnP SSDP M-SEARCH Information Discovery |
Nessus
NASL family | Gain a shell remotely |
NASL id | MINIUPNPD_1_4.NASL |
description | According to its banner, the version of MiniUPnP running on the remote host is prior to 1.4. It is, therefore, affected by the following vulnerabilities : - An out-of-bounds read error exists in the ProcessSSDPRequest() function in file minissdp.c that allows an unauthenticated, remote attacker to cause a denial of service condition via a specially crafted M-SEARCH request. (CVE-2013-0229) - A stack-based buffer overflow condition exists in the ExecuteSoapAction() function in the SOAPAction handler, due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a long quoted method, to cause a denial of service condition or the execution of arbitrary code. (CVE-2013-0230) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 64377 |
published | 2013-01-31 |
reporter | This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/64377 |
title | MiniUPnP < 1.4 Multiple Vulnerabilities |
code | |
Packetstorm
data source | https://packetstormsecurity.com/files/download/139413/lupusec-xssxsrf.txt |
id | PACKETSTORM:139413 |
last seen | 2016-12-05 |
published | 2016-10-28 |
reporter | Foxmole |
source | https://packetstormsecurity.com/files/139413/Lupusec-XT1-1.0.80-XSS-CSRF-DoS-Insecure-Transit.html |
title | Lupusec XT1 1.0.80 XSS / CSRF / DoS / Insecure Transit |

data source | https://packetstormsecurity.com/files/download/132599/miniupnpd-dos.txt |
id | PACKETSTORM:132599 |
last seen | 2016-12-05 |
published | 2015-07-08 |
reporter | Todor Donev |
source | https://packetstormsecurity.com/files/132599/MiniUPNPd-1.0-Remote-Denial-Of-Service.html |
title | MiniUPNPd 1.0 Remote Denial Of Service |
The Hacker News
id | THN:E067CA1FBC7C95B306C9F3F8A9615CEA |
last seen | 2017-01-08 |
modified | 2013-01-29 |
published | 2013-01-29 |
reporter | Mohit Kumar |
source | http://thehackernews.com/2013/01/security-flaws-in-upnp-protocol-put-50.html |
title | Security Flaws in UPnP protocol put 50 million devices at risk |