CVE-2020-12695

Description from NVD

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

Information Acquisition Date: 2021-04-27T10:44Z
CVSS 2.0: 7.8 HIGH
CVSS 3.x: 7.5 HIGH

CVSS3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H

CVSS2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:C

NVD References

 https://www.callstranger.com
     source:MISC
     tags:Third Party Advisory    
 https://www.kb.cert.org/vuls/id/339275
     source:MISC
     tags:Third Party Advisory    US Government Resource    
 [oss-security] 20200608 hostapd: UPnP SUBSCRIBE misbehavior in hostapd WPS AP
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of
     source:MISC
     tags:Third Party Advisory    
 https://github.com/yunuscadirci/CallStranger
     source:MISC
     tags:Third Party Advisory    
 http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html
     source:MISC
     tags:Third Party Advisory    VDB Entry    
 https://github.com/corelight/callstranger-detector
     source:MISC
     tags:
 https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/
     source:MISC
     tags:
 FEDORA-2020-df3e1cfde9
     source:FEDORA
     tags:
 FEDORA-2020-1f7fc0d0c9
     source:FEDORA
     tags:
 FEDORA-2020-e538e3e526
     source:FEDORA
     tags:
 [debian-lts-announce] 20200806 [SECURITY] [DLA 2315-1] gupnp security update
     source:MLIST
     tags:
 [debian-lts-announce] 20200808 [SECURITY] [DLA 2318-1] wpa security update
     source:MLIST
     tags:
 USN-4494-1
     source:UBUNTU
     tags:
 DSA-4806
     source:DEBIAN
     tags:
 [debian-lts-announce] 20201210 [SECURITY] [DLA 2489-1] minidlna security update
     source:MLIST
     tags:
 DSA-4898
     source:DEBIAN
     tags:

List of frequently cited URLs

URL    Num of Times Referred to
https://lists.astaro.com/ASGV9-IPS-rules.html    27
http://newsbythehour.org/cybr    27
https://www.helpnetsecurity.com/2020/06/09/cve-2020-12695/    7
https://github.com/yunuscadirci/CallStranger    5
https://kb.cert.org/vuls/id/339275    4
https://twitter.com/campuscodi/status/1270081145087164417    3
https://www.tenable.com/blog/cve-2020-12695-callstranger-vu...    3
https://callstranger.com/    3
https://www.callstranger.com/    3

Information from Twitter

User URL Info Source Date
VulmonFeeds http://vulmon.com/vulnerabilitydetails?qid=CVE-2020-12695 Source VulmonFeeds      1493608526186528777 2022/02/16

GitHub Search Results: Up to 10
Name    URL
No Data

2022/02/16 Score : 1
Added Har-sia Database : 2020/06/09
Last Modified : 2022/02/16
Highest Scored Date : 2020/06/09
Highest Score : 44