CVE-2013-0229

EXPLOITED

miniupnpd < 1.4 - Denial of Service via Crafted SSDP Request

Title source: llm

Exploitation Summary

CVE-2013-0229 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 5 public exploits from researchers including Rapid7, lochiiconnectivity, hdm, Dejan Lukan, including a Metasploit module auxiliary/dos/upnp/miniupnpd_dos.

AI-analyzed exploit summary This exploit demonstrates a denial-of-service vulnerability in MiniUPnP versions prior to 1.4 by sending a malformed M-SEARCH request without proper CRLF termination, causing a crash or hang.

Description

The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read.

Exploits (5)

exploitdb WORKING POC VERIFIED

by Rapid7 · textdosmultiple

https://www.exploit-db.com/exploits/38249

View Code ZIP pw:eip

This exploit demonstrates a denial-of-service vulnerability in MiniUPnP versions prior to 1.4 by sending a malformed M-SEARCH request without proper CRLF termination, causing a crash or hang.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: MiniUPnP < 1.4

No auth needed

Prerequisites: Network access to the target device running MiniUPnP

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec SCANNER 1 stars

by lochiiconnectivity · poc

https://github.com/lochiiconnectivity/vulnupnp

View Code ZIP pw:eip

This Perl script scans for UPnP devices vulnerable to CVE-2013-0229, CVE-2013-0230, CVE-2012-5958, and CVE-2012-5959 by sending an M-SEARCH request and analyzing the response for known vulnerable software versions.

Classification

Scanner 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: MiniUPnPd (versions 1.0, 1.0-1.3), Intel SDK for UPnP devices, Portable SDK for UPnP devices

No auth needed

Prerequisites: Network access to the target device's UPnP service (UDP port 1900)

MITRE ATT&CK

T1595 - Active Scanning

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC

perldoshardware

https://www.exploit-db.com/exploits/37517

View Code ZIP pw:eip

This Perl script exploits CVE-2013-0229 by sending a malformed SSDP packet to miniupnpd/1.0, causing a denial of service (DoS). It crafts a raw UDP packet with an oversized payload to trigger the vulnerability.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: miniupnpd/1.0

No auth needed

Prerequisites: Raw socket permissions (root access) · Target device with vulnerable miniupnpd service exposed on UDP port 1900

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 19, 2026 Full analysis →

metasploit WORKING POC

by hdm, Dejan Lukan · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/upnp/miniupnpd_dos.rb

View Code ZIP pw:eip

This Metasploit module exploits a denial-of-service vulnerability in MiniUPnPd 1.4 by sending a malformed UDP M-SEARCH packet. The exploit causes the service to crash by overflowing the stack with arbitrary characters.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: MiniUPnPd 1.4

No auth needed

Prerequisites: Network access to UDP port 1900

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit SCANNER

by todb, hdm · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/upnp/ssdp_msearch.rb

View Code ZIP pw:eip

This Metasploit module scans for UPnP SSDP endpoints and identifies vulnerabilities in MiniUPnPd and Portable SDK for UPnP devices. It sends M-SEARCH probes and analyzes responses to detect vulnerable versions.

Classification

Scanner 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: MiniUPnPd (1.0-1.3), Portable SDK for UPnP devices (1.0-1.8.0)

No auth needed

Prerequisites: Network access to UDP port 1900

MITRE ATT&CK

T1046 - Network Service Discovery T1082 - System Information Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory x_refsource_misc

https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf

Third Party Advisory x_refsource_misc

https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb

Third Party Advisory x_refsource_misc

https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play

Scores

EPSS 0.7435

EPSS Percentile 98.9%

Details

VulnCheck KEV 2018-07-13

Status published

Products (4)

miniupnp_project/miniupnpd 1.0

miniupnp_project/miniupnpd 1.1

miniupnp_project/miniupnpd 1.2

miniupnp_project/miniupnpd < 1.3

Published Jan 31, 2013

Tracked Since Feb 18, 2026