ID

VAR-202006-0391


CVE

CVE-2020-12695


TITLE

Universal Plug and Play (UPnP) SUBSCRIBE can be abused to send traffic to arbitrary destinations

Trust: 0.8

sources: CERT/CC: VU#339275

DESCRIPTION

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

The Universal Plug and Play (UPnP) protocol in effect prior to April 17, 2020 can be abused to send traffic to arbitrary destinations using the SUBSCRIBE functionality.

The UPnP protocol, as specified by the Open Connectivity Foundation (OCF), is designed to provide automatic discovery and interaction with devices on a network. The UPnP protocol is designed to be used in a trusted local area network (LAN) and the protocol does not implement any form of authentication or verification. Many common Internet-connected devices support UPnP, as noted in previous research from Daniel Garcia (VU#357851) and Rapid7. Garcia presented at DEFCON 2019 and published a scanning and portmapping tool. The UPnP Device Protection service was not widely adopted.

A vulnerability in the UPnP SUBSCRIBE capability permits an attacker to send large amounts of data to arbitrary destinations accessible over the Internet, which could lead to a Distributed Denial of Service (DDoS), data exfiltration, and other unexpected network behavior. The OCF has updated the UPnP specification to address this issue. This vulnerability has been assigned CVE-2020-12695 and is also known as Call Stranger. Although offering UPnP services on the Internet is generally considered to be a misconfiguration, a number of devices are still available over the Internet according to a recent Shodan scan.

A remote, unauthenticated attacker may be able to abuse the UPnP SUBSCRIBE capability to send traffic to arbitrary destinations, leading to amplified DDoS attacks and data exfiltration. In general, making UPnP available over the Internet can pose further security vulnerabilities than the one described in this vulnerability note.

The Open Connectivity Foundation UPnP specification contains a vulnerability related to improper default permissions. Information may be obtained, and the service may be put into a denial-of-service (DoS) state. A security vulnerability exists in UPnP versions prior to 2020-04-17.

Red Hat Security Advisory

Synopsis: Moderate: gssdp and gupnp security update
Advisory ID: RHSA-2021:1789-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1789
Issue date: 2021-05-18
CVE Names: CVE-2020-12695

1. Summary:

An update for gssdp and gupnp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible. GSSDP implements resource discovery and announcement over SSDP and is part of gUPnP.

The following packages have been upgraded to a later upstream version: gssdp (1.0.5), gupnp (1.0.6). (BZ#1846589, BZ#1861928)

Security Fix(es):

* hostapd: UPnP SUBSCRIBE misbehavior in WPS AP (CVE-2020-12695)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1846006 - CVE-2020-12695 hostapd: UPnP SUBSCRIBE misbehavior in WPS AP

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source: gssdp-1.0.5-1.el8.src.rpm gupnp-1.0.6-1.el8.src.rpm

aarch64: gssdp-1.0.5-1.el8.aarch64.rpm gssdp-debuginfo-1.0.5-1.el8.aarch64.rpm gssdp-debugsource-1.0.5-1.el8.aarch64.rpm gssdp-utils-debuginfo-1.0.5-1.el8.aarch64.rpm gupnp-1.0.6-1.el8.aarch64.rpm gupnp-debuginfo-1.0.6-1.el8.aarch64.rpm gupnp-debugsource-1.0.6-1.el8.aarch64.rpm

ppc64le: gssdp-1.0.5-1.el8.ppc64le.rpm gssdp-debuginfo-1.0.5-1.el8.ppc64le.rpm gssdp-debugsource-1.0.5-1.el8.ppc64le.rpm gssdp-utils-debuginfo-1.0.5-1.el8.ppc64le.rpm gupnp-1.0.6-1.el8.ppc64le.rpm gupnp-debuginfo-1.0.6-1.el8.ppc64le.rpm gupnp-debugsource-1.0.6-1.el8.ppc64le.rpm

s390x: gssdp-1.0.5-1.el8.s390x.rpm gssdp-debuginfo-1.0.5-1.el8.s390x.rpm gssdp-debugsource-1.0.5-1.el8.s390x.rpm gssdp-utils-debuginfo-1.0.5-1.el8.s390x.rpm gupnp-1.0.6-1.el8.s390x.rpm gupnp-debuginfo-1.0.6-1.el8.s390x.rpm gupnp-debugsource-1.0.6-1.el8.s390x.rpm

x86_64: gssdp-1.0.5-1.el8.i686.rpm gssdp-1.0.5-1.el8.x86_64.rpm gssdp-debuginfo-1.0.5-1.el8.i686.rpm gssdp-debuginfo-1.0.5-1.el8.x86_64.rpm gssdp-debugsource-1.0.5-1.el8.i686.rpm gssdp-debugsource-1.0.5-1.el8.x86_64.rpm gssdp-utils-debuginfo-1.0.5-1.el8.i686.rpm gssdp-utils-debuginfo-1.0.5-1.el8.x86_64.rpm gupnp-1.0.6-1.el8.i686.rpm gupnp-1.0.6-1.el8.x86_64.rpm gupnp-debuginfo-1.0.6-1.el8.i686.rpm gupnp-debuginfo-1.0.6-1.el8.x86_64.rpm gupnp-debugsource-1.0.6-1.el8.i686.rpm gupnp-debugsource-1.0.6-1.el8.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64: gssdp-debuginfo-1.0.5-1.el8.aarch64.rpm gssdp-debugsource-1.0.5-1.el8.aarch64.rpm gssdp-devel-1.0.5-1.el8.aarch64.rpm gssdp-utils-debuginfo-1.0.5-1.el8.aarch64.rpm gupnp-debuginfo-1.0.6-1.el8.aarch64.rpm gupnp-debugsource-1.0.6-1.el8.aarch64.rpm gupnp-devel-1.0.6-1.el8.aarch64.rpm

noarch: gssdp-docs-1.0.5-1.el8.noarch.rpm

ppc64le: gssdp-debuginfo-1.0.5-1.el8.ppc64le.rpm gssdp-debugsource-1.0.5-1.el8.ppc64le.rpm gssdp-devel-1.0.5-1.el8.ppc64le.rpm gssdp-utils-debuginfo-1.0.5-1.el8.ppc64le.rpm gupnp-debuginfo-1.0.6-1.el8.ppc64le.rpm gupnp-debugsource-1.0.6-1.el8.ppc64le.rpm gupnp-devel-1.0.6-1.el8.ppc64le.rpm

s390x: gssdp-debuginfo-1.0.5-1.el8.s390x.rpm gssdp-debugsource-1.0.5-1.el8.s390x.rpm gssdp-devel-1.0.5-1.el8.s390x.rpm gssdp-utils-debuginfo-1.0.5-1.el8.s390x.rpm gupnp-debuginfo-1.0.6-1.el8.s390x.rpm gupnp-debugsource-1.0.6-1.el8.s390x.rpm gupnp-devel-1.0.6-1.el8.s390x.rpm

x86_64: gssdp-debuginfo-1.0.5-1.el8.i686.rpm gssdp-debuginfo-1.0.5-1.el8.x86_64.rpm gssdp-debugsource-1.0.5-1.el8.i686.rpm gssdp-debugsource-1.0.5-1.el8.x86_64.rpm gssdp-devel-1.0.5-1.el8.i686.rpm gssdp-devel-1.0.5-1.el8.x86_64.rpm gssdp-utils-debuginfo-1.0.5-1.el8.i686.rpm gssdp-utils-debuginfo-1.0.5-1.el8.x86_64.rpm gupnp-debuginfo-1.0.6-1.el8.i686.rpm gupnp-debuginfo-1.0.6-1.el8.x86_64.rpm gupnp-debugsource-1.0.6-1.el8.i686.rpm gupnp-debugsource-1.0.6-1.el8.x86_64.rpm gupnp-devel-1.0.6-1.el8.i686.rpm gupnp-devel-1.0.6-1.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-12695
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

Ubuntu Security Notice USN-4722-1
February 04, 2021

minidlna vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary: ReadyMedia (MiniDLNA) could be made to crash if it received specially crafted input. (CVE-2020-12695) It was discovered that ReadyMedia (MiniDLNA) allowed remote code execution. A remote attacker could send a malicious UPnP HTTP request to the service using HTTP chunked encoding and cause a denial of service. (CVE-2020-28926)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.10: minidlna 1.2.1+dfsg-2ubuntu0.1
Ubuntu 20.04 LTS: minidlna 1.2.1+dfsg-1ubuntu0.20.04.1
Ubuntu 18.04 LTS: minidlna 1.2.1+dfsg-1ubuntu0.18.04.1
Ubuntu 16.04 LTS: minidlna 1.1.5+dfsg-2ubuntu0.1

In general, a standard system update will make all the necessary changes.

CVE-2020-12695

It was discovered that hostapd does not properly handle UPnP subscribe messages under certain conditions, allowing an attacker to cause a denial of service.

CVE-2021-0326

It was discovered that wpa_supplicant does not properly process P2P (Wi-Fi Direct) group information from active group owners. An attacker within radio range of the device running P2P could take advantage of this flaw to cause a denial of service or potentially execute arbitrary code.

CVE-2021-27803

It was discovered that wpa_supplicant does not properly process P2P (Wi-Fi Direct) provision discovery requests. An attacker within radio range of the device running P2P could take advantage of this flaw to cause a denial of service or potentially execute arbitrary code.

For the stable distribution (buster), these problems have been fixed in version 2:2.7+git20190128+0c1e29f-6+deb10u3.

We recommend that you upgrade your wpa packages.

For the detailed security status of wpa please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wpa

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

In addition minidlna was susceptible to the "CallStranger" UPnP vulnerability

Trust: 3.06

sources: NVD: CVE-2020-12695 // CERT/CC: VU#339275 // JVNDB: JVNDB-2020-006708 // VULHUB: VHN-165399 // VULMON: CVE-2020-12695 // PACKETSTORM: 162672 // PACKETSTORM: 159172 // PACKETSTORM: 161288 // PACKETSTORM: 161397 // PACKETSTORM: 169049 // PACKETSTORM: 168951

AFFECTED PRODUCTS

vendor: hp, model: officejet 4650 f1h96b, scope: eq, version: -

Trust: 1.0

vendor: fedoraproject, model: fedora, scope: eq, version: 31

Trust: 1.0

vendor: hp, model: envy 5530, scope: eq, version: -

Trust: 1.0

vendor: hp, model: deskjet ink advantage 3456 a9t84c, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5646 f8b05a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: deskjet ink advantage 4535 f0v64b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 4521 k9t10b, scope: eq, version: -

Trust: 1.0

vendor: zyxel, model: vmg8324-b10a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5000 m2u85a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 4522 f0v67a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: deskjet ink advantage 4676 f1h98a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5000 m2u91a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5540 f2e72a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5020 m2u91b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5540 g0v51a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy pro 6455 5se45a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy photo 7800 k7s10d, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5643 b9s63a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5547 j6u64a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 4520 e6g67a, scope: eq, version: -

Trust: 1.0

vendor: zyxel, model: amg1202-t10b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 4500 a9t80a, scope: eq, version: -

Trust: 1.0

vendor: epson, model: xp-2105, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy photo 6200 k7g18a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5000 m2u94b, scope: eq, version: -

Trust: 1.0

vendor: epson, model: xp-340, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 120 cz022b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 100 cn519a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: deskjet ink advantage 4535 f0v64c, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 4512 k9h49a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 111 cq810a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy photo 7830 y0g50b, scope: eq, version: -

Trust: 1.0

vendor: broadcom, model: adsl, scope: eq, version: -

Trust: 1.0

vendor: epson, model: xp-100, scope: eq, version: -

Trust: 1.0

vendor: epson, model: xp-440, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5545 g0v50a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy photo 7100 k7g99a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 4500 d3p93a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 4528 k9t08b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 6020 5se17a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy photo 7800 k7s00a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5642 b9s64a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: deskjet ink advantage 3545 a9t81c, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy photo 6230 k7g25b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5535, scope: eq, version: -

Trust: 1.0

vendor: hp, model: deskjet ink advantage 4675 f1h97b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: 5030 m2u92b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy photo 6200 k7s21b, scope: eq, version: -

Trust: 1.0

vendor: epson, model: ep-101, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5644 b9s65a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy photo 6200 k7g26b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 7640, scope: eq, version: -

Trust: 1.0

vendor: w1 fi, model: hostapd, scope: lt, version: 2.0.0

Trust: 1.0

vendor: hp, model: envy 6540 b9s59a, scope: eq, version: -

Trust: 1.0

vendor: ruckussecurity, model: zonedirector 1200, scope: eq, version: -

Trust: 1.0

vendor: hp, model: 5034 z4a74a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: 5020 z4a69a, scope: eq, version: -

Trust: 1.0

vendor: epson, model: m571t, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5546 k7c90a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: officejet 4652 k9v84b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 4520 f0v69a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: officejet 4658 v6d30b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5640 b9s58a, scope: eq, version: -

Trust: 1.0

vendor: fedoraproject, model: fedora, scope: eq, version: 32

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 9.0

Trust: 1.0

vendor: epson, model: ew-m970a3t, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 100 cn519b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 6052 5se18a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy photo 7800 k7r96a, scope: eq, version: -

Trust: 1.0

vendor: netgear, model: wnhde111, scope: eq, version: -

Trust: 1.0

vendor: epson, model: xp-330, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 100 cn517c, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5542 k7c88a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 4520 e6g67b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5543 n9u88a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: officejet 4650 e6g87a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 4525 k9t09b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: deskjet ink advantage 3545 a9t81a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: 5660 f8b04a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy pro 6420 6wd14a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5665 f8b06a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 4520 f0v63a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5536, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 110 cq809a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 4524 f0v72b, scope: eq, version: -

Trust: 1.0

vendor: epson, model: xp-320, scope: eq, version: -

Trust: 1.0

vendor: hp, model: deskjet ink advantage 5575 g0v48b, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: wap150, scope: eq, version: -

Trust: 1.0

vendor: hp, model: deskjet ink advantage 4678 f1h99b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 110 cq812c, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy photo 6222 y0k13d, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy photo 7822 y0g43d, scope: eq, version: -

Trust: 1.0

vendor: hp, model: officejet 4655 k9v82b, scope: eq, version: -

Trust: 1.0

vendor: dlink, model: dvg-n5412sp, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy photo 7800 y0g42d, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 4516 k9h52a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy photo 6200 y0k15a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 4502 a9t85a, scope: eq, version: -

Trust: 1.0

vendor: tp link, model: archer c50, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 4509 d3p94b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: officejet 4656 k9v81b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: deskjet ink advantage 4536 f0v65a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5540 g0v52a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy photo 7800 y0g52b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy pro 6420 5se46a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy photo 7100 k7g93a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5000 z4a54a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: officejet 4650 f1h96a, scope: eq, version: -

Trust: 1.0

vendor: dell, model: b1165nfw, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 4504 a9t88b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 4502 a9t87b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5664 f8b08a, scope: eq, version: -

Trust: 1.0

vendor: zte, model: zxv10 w300, scope: eq, version: -

Trust: 1.0

vendor: huawei, model: hg255s, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 120 cz022a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5541 k7g89a, scope: eq, version: -

Trust: 1.0

vendor: epson, model: xp-4100, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5548 k7g87a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 4507 e6g70b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 4520 f0v63b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: deskjet ink advantage 4515, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 110 cq809c, scope: eq, version: -

Trust: 1.0

vendor: hp, model: officejet 4655 f1j00a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 4505 a9t86a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy photo 6220 k7g21b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy photo 7100 z3m37a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy photo 6200 y0k13d, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5539, scope: eq, version: -

Trust: 1.0

vendor: hp, model: 5030 z4a70a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5544 k7c93a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: officejet 4652 f1j02a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 114 cq812a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5000 m2u85b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 120 cz022c, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 7644 e4w46a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5000 z4a74a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy photo 7822 y0g42d, scope: eq, version: -

Trust: 1.0

vendor: hp, model: officejet 4654 f1j07b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: officejet 4657 v6d29b, scope: eq, version: -

Trust: 1.0

vendor: microsoft, model: windows 10, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 6020 5se16b, scope: eq, version: -

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 20.04

Trust: 1.0

vendor: hp, model: envy photo 7164 k7g99a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 4511 k9h50a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: officejet 4654 f1j06b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5640 b9s56a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5000 m2u91a, scope: eq, version: *

Trust: 1.0

vendor: hp, model: envy 4508 e6g72b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: deskjet ink advantage 4535 f0v64a, scope: eq, version: -

Trust: 1.0

vendor: nec, model: wr8165n, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 110 cq809d, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 100 cn517a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 114 cq811a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5540 g0v53a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5540 k7c85a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: deskjet ink advantage 5575 g0v48c, scope: eq, version: -

Trust: 1.0

vendor: hp, model: deskjet ink advantage 4538 f0v66b, scope: eq, version: -

Trust: 1.0

vendor: epson, model: xp-702, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 6020 7cz37a, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: wap131, scope: eq, version: -

Trust: 1.0

vendor: epson, model: xp-2101, scope: eq, version: -

Trust: 1.0

vendor: huawei, model: hg532e, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy pro 6420 5se45b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy photo 7100 z3m52a, scope: eq, version: -

Trust: 1.0

vendor: epson, model: xp-960, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 6055 5se16a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy photo 6220 k7g20d, scope: eq, version: -

Trust: 1.0

vendor: epson, model: xp-8600, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy pro 6420 6wd16a, scope: eq, version: -

Trust: 1.0

vendor: microsoft, model: xbox one, scope: eq, version: 10.0.19041.2494

Trust: 1.0

vendor: hp, model: envy 100 cn518a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy photo 7155 z3m52a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 7645 e4w44a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 114 cq811b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5531, scope: eq, version: -

Trust: 1.0

vendor: ui, model: unifi controller, scope: eq, version: -

Trust: 1.0

vendor: epson, model: xp-8500, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy photo 6232 k7g26b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: officejet 4655 k9v79a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: deskjet ink advantage 3548 a9t81b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 4501 c8d05a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5544 k7c89a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 4504 c8d04a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 4503 e6g71b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: deskjet ink advantage 3546 a9t82a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 4500 a9t89a, scope: eq, version: -

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 10.0

Trust: 1.0

vendor: hp, model: envy 4509 d3p94a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5532, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 110 cq809b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy photo 6252 k7g22a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 6020 6wd35a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: deskjet ink advantage 3545 a9t83b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy photo 7120 z3m41d, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 4500 a9t80b, scope: eq, version: -

Trust: 1.0

vendor: epson, model: xp-620, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy photo 6222 y0k14d, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 100 cn517b, scope: eq, version: -

Trust: 1.0

vendor: canon, model: selphy cp1200, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: wap351, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 4526 k9t05b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy photo 7100 3xd89a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: deskjet ink advantage 4675 f1h97c, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 4524 k9t01a, scope: eq, version: -

Trust: 1.0

vendor: epson, model: xp-630, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 4513 k9h51a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 4527 j6u61b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: officejet 4652 f1j05b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: deskjet ink advantage 4675 f1h97a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5534, scope: eq, version: -

Trust: 1.0

vendor: asus, model: rt-n11, scope: eq, version: -

Trust: 1.0

vendor: epson, model: xp-970, scope: eq, version: -

Trust: 1.0

vendor: epson, model: xp-241, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 4524 f0v71b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy photo 6234 k7s21b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy pro 6452 5se47a, scope: eq, version: -

Trust: 1.0

vendor: hp, model: deskjet ink advantage 4518, scope: eq, version: -

Trust: 1.0

vendor: epson, model: xp-4105, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 4523 j6u60b, scope: eq, version: -

Trust: 1.0

vendor: hp, model: envy 5540 g0v47a, scope: eq, version: -

Trust: 1.0

vendor: asustek computer, model: rt-n11, scope: -, version: -

Trust: 0.8

vendor: broadcom, model: adsl, scope: -, version: -

Trust: 0.8

vendor: d link, model: dvg-n5412sp, scope: -, version: -

Trust: 0.8

vendor: ubiquiti, model: unifi controller, scope: -, version: -

Trust: 0.8

vendor: w1 fi, model: hostapd, scope: -, version: -

Trust: 0.8

vendor: canon, model: selphy cp1200, scope: -, version: -

Trust: 0.8

vendor: cisco, model: wap131, scope: -, version: -

Trust: 0.8

vendor: cisco, model: wap150, scope: -, version: -

Trust: 0.8

vendor: cisco, model: wap351, scope: -, version: -

Trust: 0.8

vendor: dell, model: b1165nfw, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-006708 // NVD: CVE-2020-12695

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-12695
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-006708
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202006-597
value: HIGH

Trust: 0.6

VULHUB: VHN-165399
value: HIGH

Trust: 0.1

VULMON: CVE-2020-12695
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-12695
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-006708
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-165399
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-12695
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 4.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006708
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-165399 // VULMON: CVE-2020-12695 // JVNDB: JVNDB-2020-006708 // CNNVD: CNNVD-202006-597 // NVD: CVE-2020-12695

PROBLEMTYPE DATA

problemtype: CWE-276

Trust: 1.9

sources: VULHUB: VHN-165399 // JVNDB: JVNDB-2020-006708 // NVD: CVE-2020-12695

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 159172 // PACKETSTORM: 161288 // CNNVD: CNNVD-202006-597

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202006-597

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006708

PATCH

title: RT-N11
url: https://www.asus.com/us/Networking/RTN11/

Trust: 0.8

title: Top Page
url: https://www.broadcom.com/

Trust: 0.8

title: Canon SELPHY CP1200
url: https://en.canon-me.com/support/consumer_products/products/printers/compact_photo/cd__cp_series/selphy_cp1200.html?type=drivers&language=&os=windows%208.1%20(64-bit)

Trust: 0.8

title: Top Page
url: https://www.cisco.com/c/en/us/index.html

Trust: 0.8

title: Top Page
url: https://us.dlink.com/en/consumer

Trust: 0.8

title: Top Page
url: https://www.dell.com/en-us

Trust: 0.8

title: Top Page
url: https://community.ui.com/

Trust: 0.8

title: hostapd
url: https://jvndb.jvn.jp/ja/contents/2019/JVNDB-2019-013311.html

Trust: 0.8

title: Debian CVElist Bug Report Logs: wpa: CVE-2020-12695
url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=cdef40da4b3b6b2f4fcf08e447d20494

Trust: 0.1

title: Debian Security Advisories: DSA-4806-1 minidlna -- security update
url: https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=5e0b1e00748aee507290bde9650370c7

Trust: 0.1

title: Arch Linux Advisories: [ASA-202012-16] hostapd: proxy injection
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202012-16

Trust: 0.1

title: Debian Security Advisories: DSA-4898-1 wpa -- security update
url: https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=2832d7aeef980951ddf42089219be7b3

Trust: 0.1

title: Arch Linux Issues:
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2020-12695 log

Trust: 0.1

title: awesome-from-stars
url: https://github.com/krzemienski/awesome-from-stars

Trust: 0.1

title: callstranger-detector
url: https://github.com/corelight/callstranger-detector

Trust: 0.1

title: CallStranger
url: https://github.com/yunuscadirci/CallStranger

Trust: 0.1

title: -
url: https://github.com/Xcod3bughunt3r/CallStranger

Trust: 0.1

title: -
url: https://github.com/yunuscadirci/DIALStranger

Trust: 0.1

title: -
url: https://github.com/aoeII/asuswrt-for-Tenda-AC9-Router

Trust: 0.1

sources: VULMON: CVE-2020-12695 // JVNDB: JVNDB-2020-006708

EXTERNAL IDS

db:NVD id:CVE-2020-12695

Trust: 4.0

db:CERT/CC id:VU#339275

Trust: 3.3

db:PACKETSTORM id:158051

Trust: 1.7

db:OPENWALL id:OSS-SECURITY/2020/06/08/2

Trust: 1.7

db:PACKETSTORM id:161288

Trust: 0.8

db:PACKETSTORM id:162672

Trust: 0.8

db:PACKETSTORM id:159172

Trust: 0.8

db:JVNDB id:JVNDB-2020-006708

Trust: 0.8

db:CNNVD id:CNNVD-202006-597

Trust: 0.7

db:CS-HELP id:SB2021122905

Trust: 0.6

db:CS-HELP id:SB2021052202

Trust: 0.6

db:AUSCERT id:ESB-2021.1382

Trust: 0.6

db:AUSCERT id:ESB-2021.0575

Trust: 0.6

db:AUSCERT id:ESB-2020.4315

Trust: 0.6

db:AUSCERT id:ESB-2021.1728

Trust: 0.6

db:AUSCERT id:ESB-2021.0417

Trust: 0.6

db:AUSCERT id:ESB-2020.4372

Trust: 0.6

db:AUSCERT id:ESB-2020.2705

Trust: 0.6

db:AUSCERT id:ESB-2020.4315.2

Trust: 0.6

db:AUSCERT id:ESB-2020.2733

Trust: 0.6

db:AUSCERT id:ESB-2020.3160

Trust: 0.6

db:PACKETSTORM id:161397

Trust: 0.2

db:PACKETSTORM id:161444

Trust: 0.1

db:CNVD id:CNVD-2020-37941

Trust: 0.1

db:VULHUB id:VHN-165399

Trust: 0.1

db:VULMON id:CVE-2020-12695

Trust: 0.1

db:PACKETSTORM id:169049

Trust: 0.1

db:PACKETSTORM id:168951

Trust: 0.1

sources: CERT/CC: VU#339275 // VULHUB: VHN-165399 // VULMON: CVE-2020-12695 // JVNDB: JVNDB-2020-006708 // PACKETSTORM: 162672 // PACKETSTORM: 159172 // PACKETSTORM: 161288 // PACKETSTORM: 161397 // PACKETSTORM: 169049 // PACKETSTORM: 168951 // CNNVD: CNNVD-202006-597 // NVD: CVE-2020-12695

REFERENCES

url:https://www.kb.cert.org/vuls/id/339275

Trust: 3.1

url:https://github.com/yunuscadirci/callstranger

Trust: 2.5

url:https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of

Trust: 2.5

url:http://packetstormsecurity.com/files/158051/callstranger-upnp-vulnerability-checker.html

Trust: 2.3

url:https://www.debian.org/security/2020/dsa-4806

Trust: 1.7

url:https://www.debian.org/security/2021/dsa-4898

Trust: 1.7

url:https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/

Trust: 1.7

url:https://github.com/corelight/callstranger-detector

Trust: 1.7

url:https://www.callstranger.com

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2020/06/08/2

Trust: 1.7

url:https://usn.ubuntu.com/4494-1/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-12695

Trust: 1.2

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/l3shl4lofghj3dixsuiqelgvbdj7v7lb/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/mzdwhkgn3lmgsueoaavamod3iuipjvoj/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rqeyvy4d7lash6ai4wk3ik2qbfhhf3q2/

Trust: 1.0

url:https://callstranger.com

Trust: 0.8

url:https://openconnectivity.org/developer/specifications/upnp-resources/upnp/

Trust: 0.8

url:https://kb.cert.org/vuls/search/?q=upnp

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12695

Trust: 0.8

url:https://jvn.jp/ta/jvnta95827565/

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rqeyvy4d7lash6ai4wk3ik2qbfhhf3q2/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/mzdwhkgn3lmgsueoaavamod3iuipjvoj/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/l3shl4lofghj3dixsuiqelgvbdj7v7lb/

Trust: 0.7

url:https://www.cybersecurity-help.cz/vdb/sb2021052202

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4372/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1728

Trust: 0.6

url:https://packetstormsecurity.com/files/162672/red-hat-security-advisory-2021-1789-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021122905

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0417

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3160/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2733/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1382

Trust: 0.6

url:https://packetstormsecurity.com/files/159172/ubuntu-security-notice-usn-4494-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4315.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0575

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2705/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4315/

Trust: 0.6

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200701-01-upnp-cn

Trust: 0.6

url:https://packetstormsecurity.com/files/161288/ubuntu-security-notice-usn-4722-1.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/upnp-information-disclosure-via-subscribe-delivery-url-32701

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-28926

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-0326

Trust: 0.2

url:https://www.debian.org/security/faq

Trust: 0.2

url:https://www.debian.org/security/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-12695

Trust: 0.1

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:1789

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://bugzilla.redhat.com/

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/gupnp/1.2.3-0ubuntu0.20.04.1

Trust: 0.1

url:https://usn.ubuntu.com/4494-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/minidlna/1.2.1+dfsg-1ubuntu0.18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/minidlna/1.2.1+dfsg-1ubuntu0.20.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/minidlna/1.1.5+dfsg-2ubuntu0.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/minidlna/1.2.1+dfsg-2ubuntu0.1

Trust: 0.1

url:https://usn.ubuntu.com/4722-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu6.7

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/wpa/2:2.9-1ubuntu8.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/wpa/2:2.6-15ubuntu2.7

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/wpa/2:2.9-1ubuntu4.2

Trust: 0.1

url:https://usn.ubuntu.com/4734-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-27803

Trust: 0.1

url:https://security-tracker.debian.org/tracker/wpa

Trust: 0.1

url:https://security-tracker.debian.org/tracker/minidlna

Trust: 0.1

sources: CERT/CC: VU#339275 // VULHUB: VHN-165399 // JVNDB: JVNDB-2020-006708 // PACKETSTORM: 162672 // PACKETSTORM: 159172 // PACKETSTORM: 161288 // PACKETSTORM: 161397 // PACKETSTORM: 169049 // PACKETSTORM: 168951 // CNNVD: CNNVD-202006-597 // NVD: CVE-2020-12695

CREDITS

This vulnerability was reported by Yunus Çadirci from EY Turkey. This document was written by Vijay Sarvepalli.

Trust: 0.8

sources: CERT/CC: VU#339275

SOURCES

db:CERT/CC id:VU#339275
db:VULHUB id:VHN-165399
db:VULMON id:CVE-2020-12695
db:JVNDB id:JVNDB-2020-006708
db:PACKETSTORM id:162672
db:PACKETSTORM id:159172
db:PACKETSTORM id:161288
db:PACKETSTORM id:161397
db:PACKETSTORM id:169049
db:PACKETSTORM id:168951
db:CNNVD id:CNNVD-202006-597
db:NVD id:CVE-2020-12695

LAST UPDATE DATE

2024-09-19T00:12:53.057000+00:00


SOURCES UPDATE DATE

db:CERT/CC id:VU#339275 date:2020-07-08T00:00:00
db:VULHUB id:VHN-165399 date:2021-04-23T00:00:00
db:VULMON id:CVE-2020-12695 date:2023-11-07T00:00:00
db:JVNDB id:JVNDB-2020-006708 date:2020-07-15T00:00:00
db:CNNVD id:CNNVD-202006-597 date:2023-04-27T00:00:00
db:NVD id:CVE-2020-12695 date:2024-04-08T22:50:14.587

SOURCES RELEASE DATE

db:CERT/CC id:VU#339275 date:2020-06-08T00:00:00
db:VULHUB id:VHN-165399 date:2020-06-08T00:00:00
db:VULMON id:CVE-2020-12695 date:2020-06-08T00:00:00
db:JVNDB id:JVNDB-2020-006708 date:2020-07-15T00:00:00
db:PACKETSTORM id:162672 date:2021-05-19T14:10:26
db:PACKETSTORM id:159172 date:2020-09-15T17:05:32
db:PACKETSTORM id:161288 date:2021-02-04T21:34:49
db:PACKETSTORM id:161397 date:2021-02-12T17:29:06
db:PACKETSTORM id:169049 date:2021-04-28T19:12:00
db:PACKETSTORM id:168951 date:2020-12-28T20:12:00
db:CNNVD id:CNNVD-202006-597 date:2020-06-08T00:00:00
db:NVD id:CVE-2020-12695 date:2020-06-08T17:15:09.973