Back to search
CVE-2020-12695
Published: Jun 8, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://www.callstranger.com
x_refsource_MISC
https://www.kb.cert.org/vuls/id/339275
x_refsource_MISC
[oss-security] 20200608 hostapd: UPnP SUBSCRIBE misbehavior in hostapd WPS AP
mailing-list
x_refsource_MLIST
https://github.com/yunuscadirci/CallStranger
x_refsource_MISC
https://github.com/corelight/callstranger-detector
x_refsource_MISC
FEDORA-2020-df3e1cfde9
vendor-advisory
x_refsource_FEDORA
FEDORA-2020-1f7fc0d0c9
vendor-advisory
x_refsource_FEDORA
FEDORA-2020-e538e3e526
vendor-advisory
x_refsource_FEDORA
[debian-lts-announce] 20200806 [SECURITY] [DLA 2315-1] gupnp security update
mailing-list
x_refsource_MLIST
[debian-lts-announce] 20200808 [SECURITY] [DLA 2318-1] wpa security update
mailing-list
x_refsource_MLIST
USN-4494-1
vendor-advisory
x_refsource_UBUNTU
DSA-4806
vendor-advisory
x_refsource_DEBIAN
[debian-lts-announce] 20201210 [SECURITY] [DLA 2489-1] minidlna security update
mailing-list
x_refsource_MLIST
DSA-4898
vendor-advisory
x_refsource_DEBIAN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now