Sign-up

ID

VAR-201301-0243


CVE

CVE-2013-0230


TITLE

MiniUPnP MiniUPnPd of HTTP Service Stack-based Buffer Overflow Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-001350

DESCRIPTION

Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method. MiniUPnP is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker can exploit these issues to execute arbitrary code in the context of the device that uses the affected library. Failed exploit attempts will likely crash the application. MiniUPnP 1.0 is vulnerable; other versions may also be affected

Trust: 1.98

sources: NVD: CVE-2013-0230 // JVNDB: JVNDB-2013-001350 // BID: 57608 // VULMON: CVE-2013-0230

AFFECTED PRODUCTS

vendor:miniupnpmodel:miniupnpdscope:eqversion:1.0

Trust: 2.4

vendor:miniupnpmodel:project miniupnpscope:eqversion:1.0

Trust: 0.3

vendor:d linkmodel:dir-836lscope:eqversion:1.03

Trust: 0.3

vendor:d linkmodel:dir-826l 1.04b05scope: - version: -

Trust: 0.3

vendor:d linkmodel:dir-636lscope:eqversion:1.03

Trust: 0.3

vendor:d linkmodel:dir-626lscope:eqversion:1.03

Trust: 0.3

vendor:miniupnpmodel:project miniupnpscope:neversion:1.4

Trust: 0.3

vendor:miniupnpmodel:project miniupnpscope:neversion:1.3

Trust: 0.3

vendor:miniupnpmodel:project miniupnpscope:neversion:1.1

Trust: 0.3

vendor:d linkmodel:dir-836l 1.04b09scope:neversion: -

Trust: 0.3

vendor:d linkmodel:dir-826l 1.05b06scope:neversion: -

Trust: 0.3

vendor:d linkmodel:dir-636l 1.05b07scope:neversion: -

Trust: 0.3

vendor:d linkmodel:dir-626l 1.04b04scope:neversion: -

Trust: 0.3

sources: BID: 57608 // JVNDB: JVNDB-2013-001350 // CNNVD: CNNVD-201301-607 // NVD: CVE-2013-0230

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-0230
value: HIGH

Trust: 1.0

NVD: CVE-2013-0230
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201301-607
value: CRITICAL

Trust: 0.6

VULMON: CVE-2013-0230
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-0230
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

sources: VULMON: CVE-2013-0230 // JVNDB: JVNDB-2013-001350 // CNNVD: CNNVD-201301-607 // NVD: CVE-2013-0230

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2013-001350 // NVD: CVE-2013-0230

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201301-607

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201301-607

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-001350

EXPLOIT AVAILABILITY
sources:
            
            
            VULMON: CVE-2013-0230

PATCH
title:MiniUPnP Projecturl:http://miniupnp.free.fr/
Trust: 0.8
title:SecurityFlawsUPnPurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45369
Trust: 0.6
title: - url:https://github.com/CVEDB/PoC-List 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2013-0230 // 
            
            
            
            JVNDB: JVNDB-2013-001350 // 
            
            
            
            CNNVD: CNNVD-201301-607

EXTERNAL IDS
db:NVDid:CVE-2013-0230
Trust: 2.8
db:BIDid:57608
Trust: 1.4
db:EXPLOIT-DBid:36839
Trust: 1.1
db:JVNDBid:JVNDB-2013-001350
Trust: 0.8
db:CNNVDid:CNNVD-201301-607
Trust: 0.6
db:EXPLOIT-DBid:25975
Trust: 0.1
db:VULMONid:CVE-2013-0230
Trust: 0.1
sources:
            
            
            VULMON: CVE-2013-0230 // 
            
            
            
            BID: 57608 // 
            
            
            
            JVNDB: JVNDB-2013-001350 // 
            
            
            
            CNNVD: CNNVD-201301-607 // 
            
            
            
            NVD: CVE-2013-0230

REFERENCES
url:https://community.rapid7.com/servlet/jiveservlet/download/2150-1-16596/securityflawsupnp.pdf
Trust: 1.7
url:https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
Trust: 1.7
url:http://www.securityfocus.com/bid/57608
Trust: 1.2
url:https://community.rapid7.com/servlet/servlet.filedownload?file=00p1400000ccafb
Trust: 1.1
url:https://www.exploit-db.com/exploits/36839/
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-0230
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-0230
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.exploit-db.com/exploits/25975/
Trust: 0.1
url:https://www.rapid7.com/db/modules/exploit/linux/upnp/miniupnpd_soap_bof
Trust: 0.1
sources:
            
            
            VULMON: CVE-2013-0230 // 
            
            
            
            JVNDB: JVNDB-2013-001350 // 
            
            
            
            CNNVD: CNNVD-201301-607 // 
            
            
            
            NVD: CVE-2013-0230

CREDITS
HD Moore of Rapid7
Trust: 0.3
sources:
            
            
            BID: 57608

SOURCES
db:VULMONid:CVE-2013-0230
db:BIDid:57608
db:JVNDBid:JVNDB-2013-001350
db:CNNVDid:CNNVD-201301-607
db:NVDid:CVE-2013-0230

LAST UPDATE DATE
2024-11-23T22:42:41.293000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2013-0230date:2016-12-08T00:00:00
db:BIDid:57608date:2015-05-12T19:46:00
db:JVNDBid:JVNDB-2013-001350date:2013-02-04T00:00:00
db:CNNVDid:CNNVD-201301-607date:2013-02-04T00:00:00
db:NVDid:CVE-2013-0230date:2024-11-21T01:47:06.913

SOURCES RELEASE DATE
db:VULMONid:CVE-2013-0230date:2013-01-31T00:00:00
db:BIDid:57608date:2013-01-28T00:00:00
db:JVNDBid:JVNDB-2013-001350date:2013-02-04T00:00:00
db:CNNVDid:CNNVD-201301-607date:2013-01-31T00:00:00
db:NVDid:CVE-2013-0230date:2013-01-31T21:55:01.520