This PoC exploits an out-of-bounds read vulnerability in miniupnpd <= v2.1 by sending a crafted SUBSCRIBE request with an oversized Callback header, causing the server to leak arbitrary heap data. The exploit sets up a local HTTP server to capture the leaked data.
Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target:miniupnpd <= v2.1
No auth needed
Prerequisites:Network access to the vulnerable miniupnpd service · Ability to send HTTP requests to the target