CVE-2020-12695

HIGH

Open Connectivity Foundation UPnP <2020-04-17 - SSRF

Title source: llm

Description

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

Exploits (2)

nomisec WORKING POC 403 stars

by yunuscadirci · poc

https://github.com/yunuscadirci/CallStranger

View Code ZIP pw:eip

nomisec WRITEUP 6 stars

by corelight · poc

https://github.com/corelight/callstranger-detector

View Code ZIP pw:eip

References (17)

Core 17

Core References

Broken Link x_refsource_misc

https://www.callstranger.com

Third Party Advisory, US Government Resource x_refsource_misc

https://www.kb.cert.org/vuls/id/339275

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2020/06/08/2

Third Party Advisory x_refsource_misc

https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of

Third Party Advisory x_refsource_misc

https://github.com/yunuscadirci/CallStranger

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html

Third Party Advisory x_refsource_misc

https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/

Third Party Advisory x_refsource_misc

https://github.com/corelight/callstranger-detector

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/

Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html

Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4494-1/

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2020/dsa-4806

Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2021/dsa-4898

Scores

CVSS v3 7.5

EPSS 0.0398

EPSS Percentile 88.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H

Details

CWE

CWE-276

Status published

Products (50)

asus/rt-n11

broadcom/adsl

canon/selphy_cp1200

canonical/ubuntu_linux 20.04

cisco/wap131

cisco/wap150

cisco/wap351

debian/debian_linux 9.0

debian/debian_linux 10.0

dell/b1165nfw

... and 40 more

Published Jun 08, 2020

Tracked Since Feb 18, 2026