CVE-2012-5959

EXPLOITED

UPnP SSDP M-SEARCH Information Discovery

Title source: metasploit
STIX 2.1

Exploitation Summary

CVE-2012-5959 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2012-5959, a denial-of-service (DoS) vulnerability in libupnp 1.6.13. The exploit sends a malformed SSDP M-SEARCH request with an overly long UUID field to trigger a crash in the target service.

Description

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN (aka uuid) field within a string that contains a :: (colon colon) in a UDP packet.

Exploits (2)

vulncheck_xdb WORKING POC
remote
https://github.com/finn79426/CVE-2012-5960-PoC

This repository contains a functional proof-of-concept exploit for CVE-2012-5959, a denial-of-service (DoS) vulnerability in libupnp 1.6.13. The exploit sends a malformed SSDP M-SEARCH request with an overly long UUID field to trigger a crash in the target service.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: libupnp 1.6.13
No auth needed
Prerequisites: Network access to the target device running libupnp 1.6.13 · UDP port 1900 accessible
devstral-2 · analyzed Feb 26, 2026 Full analysis →
exploitdb WORKING POC
rubyremoteunix
https://www.exploit-db.com/exploits/24455

This Metasploit module exploits a buffer overflow in the `unique_service_name()` function of libupnp's SSDP processor, allowing remote code execution on vulnerable devices. It stages the payload over a secondary TCP connection due to size limitations.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Portable UPnP SDK (libupnp) versions affected by CVE-2012-5858
No auth needed
Prerequisites: Network access to the target device's SSDP service (UDP port 1900) · Vulnerable version of libupnp running on the target
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (17)

Core 17
Core References
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:098
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2013/dsa-2615
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2013/dsa-2614
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/57602
Product x_refsource_confirm
http://pupnp.sourceforge.net/ChangeLog
Patch, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/922681
Third Party Advisory x_refsource_misc
https://www.tenable.com/security/research/tra-2017-10
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-02/msg00013.html
Third Party Advisory x_refsource_confirm
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037

Scores

EPSS 0.8239
EPSS Percentile 99.3%

Details

VulnCheck KEV 2018-07-13
CWE
CWE-119
Status published
Products (26)
portable_sdk_for_upnp_project/portable_sdk_for_upnp 1.4.0
portable_sdk_for_upnp_project/portable_sdk_for_upnp 1.4.1
portable_sdk_for_upnp_project/portable_sdk_for_upnp 1.4.2
portable_sdk_for_upnp_project/portable_sdk_for_upnp 1.4.3
portable_sdk_for_upnp_project/portable_sdk_for_upnp 1.4.4
portable_sdk_for_upnp_project/portable_sdk_for_upnp 1.4.5
portable_sdk_for_upnp_project/portable_sdk_for_upnp 1.4.6
portable_sdk_for_upnp_project/portable_sdk_for_upnp 1.4.7
portable_sdk_for_upnp_project/portable_sdk_for_upnp 1.6.0
portable_sdk_for_upnp_project/portable_sdk_for_upnp 1.6.1
... and 16 more
Published Jan 31, 2013
Tracked Since Feb 18, 2026