CVE-2012-5958

This exploit triggers a stack-based buffer overflow in libupnp versions <= 1.6.6 by sending a maliciously crafted M-SEARCH SSDP packet with an oversized 'ST' header. The payload consists of 324 'A' characters followed by 'BBBB', designed to crash the service (DoS).

This Perl script scans for UPnP devices vulnerable to CVE-2013-0229, CVE-2013-0230, CVE-2012-5958, and CVE-2012-5959 by sending an M-SEARCH request and analyzing the response for known vulnerable software versions.

This Metasploit module exploits a buffer overflow in the `unique_service_name()` function of libupnp's SSDP processor, allowing remote code execution on vulnerable devices. It stages the payload over a secondary TCP connection due to size limitations.

This Metasploit module exploits a buffer overflow in the `unique_service_name()` function of libupnp's SSDP processor, allowing remote code execution on vulnerable devices. It stages the payload over a secondary TCP connection due to size limitations.