CVE-2012-5965

portable SDK for UPnP Devices 1.3.1 - Stack-based Buffer Overflow in SSDP DeviceType Field

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-5965. PoCs published by Metasploit.

AI-analyzed exploit summary This Metasploit module exploits a buffer overflow in the unique_service_name() function of libupnp's SSDP processor, allowing remote code execution on vulnerable devices. It targets specific hardware like Supermicro IPMI and uses a staged payload approach due to size limitations.

Description

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long DeviceType (aka urn device) field in a UDP packet.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremoteunix

https://www.exploit-db.com/exploits/24455

View Code ZIP pw:eip

This Metasploit module exploits a buffer overflow in the unique_service_name() function of libupnp's SSDP processor, allowing remote code execution on vulnerable devices. It targets specific hardware like Supermicro IPMI and uses a staged payload approach due to size limitations.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Portable UPnP SDK (libupnp) versions including Intel SDK for UPnP Devices 1.3.1

No auth needed

Prerequisites: Network access to UDP port 1900 · Vulnerable UPnP service running on target

MITRE ATT&CK