Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-12695

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

Published

2020-06-08T17:15:09.973

Last Modified

2024-11-21T05:00:05.367

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

7.8

Weaknesses

Type: Primary
CWE-276

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ui	unifi_controller	-	Yes
Application	w1.fi	hostapd	< 2.0.0	Yes
Hardware	asus	rt-n11	-	Yes
Hardware	broadcom	adsl	-	Yes
Hardware	canon	selphy_cp1200	-	Yes
Hardware	cisco	wap131	-	Yes
Hardware	cisco	wap150	-	Yes
Hardware	cisco	wap351	-	Yes
Hardware	dlink	dvg-n5412sp	-	Yes
Hardware	dell	b1165nfw	-	Yes
Hardware	epson	ep-101	-	Yes
Hardware	epson	ew-m970a3t	-	Yes
Hardware	epson	m571t	-	Yes
Hardware	epson	xp-100	-	Yes
Hardware	epson	xp-2101	-	Yes
Hardware	epson	xp-2105	-	Yes
Hardware	epson	xp-241	-	Yes
Hardware	epson	xp-320	-	Yes
Hardware	epson	xp-330	-	Yes
Hardware	epson	xp-340	-	Yes
Hardware	epson	xp-4100	-	Yes
Hardware	epson	xp-4105	-	Yes
Hardware	epson	xp-440	-	Yes
Hardware	epson	xp-620	-	Yes
Hardware	epson	xp-630	-	Yes
Hardware	epson	xp-702	-	Yes
Hardware	epson	xp-8500	-	Yes
Hardware	epson	xp-8600	-	Yes
Hardware	epson	xp-960	-	Yes
Hardware	epson	xp-970	-	Yes
Hardware	hp	5020_z4a69a	-	Yes
Hardware	hp	5030_m2u92b	-	Yes
Hardware	hp	5030_z4a70a	-	Yes
Hardware	hp	5034_z4a74a	-	Yes
Hardware	hp	5660_f8b04a	-	Yes
Hardware	hp	deskjet_ink_advantage_3456_a9t84c	-	Yes
Hardware	hp	deskjet_ink_advantage_3545_a9t81a	-	Yes
Hardware	hp	deskjet_ink_advantage_3545_a9t81c	-	Yes
Hardware	hp	deskjet_ink_advantage_3545_a9t83b	-	Yes
Hardware	hp	deskjet_ink_advantage_3546_a9t82a	-	Yes
Hardware	hp	deskjet_ink_advantage_3548_a9t81b	-	Yes
Hardware	hp	deskjet_ink_advantage_4515	-	Yes
Hardware	hp	deskjet_ink_advantage_4518	-	Yes
Hardware	hp	deskjet_ink_advantage_4535_f0v64a	-	Yes
Hardware	hp	deskjet_ink_advantage_4535_f0v64b	-	Yes
Hardware	hp	deskjet_ink_advantage_4535_f0v64c	-	Yes
Hardware	hp	deskjet_ink_advantage_4536_f0v65a	-	Yes
Hardware	hp	deskjet_ink_advantage_4538_f0v66b	-	Yes
Hardware	hp	deskjet_ink_advantage_4675_f1h97a	-	Yes
Hardware	hp	deskjet_ink_advantage_4675_f1h97b	-	Yes
Hardware	hp	deskjet_ink_advantage_4675_f1h97c	-	Yes
Hardware	hp	deskjet_ink_advantage_4676_f1h98a	-	Yes
Hardware	hp	deskjet_ink_advantage_4678_f1h99b	-	Yes
Hardware	hp	deskjet_ink_advantage_5575_g0v48b	-	Yes
Hardware	hp	deskjet_ink_advantage_5575_g0v48c	-	Yes
Hardware	hp	envy_100_cn517a	-	Yes
Hardware	hp	envy_100_cn517b	-	Yes
Hardware	hp	envy_100_cn517c	-	Yes
Hardware	hp	envy_100_cn518a	-	Yes
Hardware	hp	envy_100_cn519a	-	Yes
Hardware	hp	envy_100_cn519b	-	Yes
Hardware	hp	envy_110_cq809a	-	Yes
Hardware	hp	envy_110_cq809b	-	Yes
Hardware	hp	envy_110_cq809c	-	Yes
Hardware	hp	envy_110_cq809d	-	Yes
Hardware	hp	envy_110_cq812c	-	Yes
Hardware	hp	envy_111_cq810a	-	Yes
Hardware	hp	envy_114_cq811a	-	Yes
Hardware	hp	envy_114_cq811b	-	Yes
Hardware	hp	envy_114_cq812a	-	Yes
Hardware	hp	envy_120_cz022a	-	Yes
Hardware	hp	envy_120_cz022b	-	Yes
Hardware	hp	envy_120_cz022c	-	Yes
Hardware	hp	envy_4500_a9t80a	-	Yes
Hardware	hp	envy_4500_a9t80b	-	Yes
Hardware	hp	envy_4500_a9t89a	-	Yes
Hardware	hp	envy_4500_d3p93a	-	Yes
Hardware	hp	envy_4501_c8d05a	-	Yes
Hardware	hp	envy_4502_a9t85a	-	Yes
Hardware	hp	envy_4502_a9t87b	-	Yes
Hardware	hp	envy_4503_e6g71b	-	Yes
Hardware	hp	envy_4504_a9t88b	-	Yes
Hardware	hp	envy_4504_c8d04a	-	Yes
Hardware	hp	envy_4505_a9t86a	-	Yes
Hardware	hp	envy_4507_e6g70b	-	Yes
Hardware	hp	envy_4508_e6g72b	-	Yes
Hardware	hp	envy_4509_d3p94a	-	Yes
Hardware	hp	envy_4509_d3p94b	-	Yes
Hardware	hp	envy_4511_k9h50a	-	Yes
Hardware	hp	envy_4512_k9h49a	-	Yes
Hardware	hp	envy_4513_k9h51a	-	Yes
Hardware	hp	envy_4516_k9h52a	-	Yes
Hardware	hp	envy_4520_e6g67a	-	Yes
Hardware	hp	envy_4520_e6g67b	-	Yes
Hardware	hp	envy_4520_f0v63a	-	Yes
Hardware	hp	envy_4520_f0v63b	-	Yes
Hardware	hp	envy_4520_f0v69a	-	Yes
Hardware	hp	envy_4521_k9t10b	-	Yes
Hardware	hp	envy_4522_f0v67a	-	Yes
Hardware	hp	envy_4523_j6u60b	-	Yes
Hardware	hp	envy_4524_f0v71b	-	Yes
Hardware	hp	envy_4524_f0v72b	-	Yes
Hardware	hp	envy_4524_k9t01a	-	Yes
Hardware	hp	envy_4525_k9t09b	-	Yes
Hardware	hp	envy_4526_k9t05b	-	Yes
Hardware	hp	envy_4527_j6u61b	-	Yes
Hardware	hp	envy_4528_k9t08b	-	Yes
Hardware	hp	envy_5000_m2u85a	-	Yes
Hardware	hp	envy_5000_m2u85b	-	Yes
Hardware	hp	envy_5000_m2u91a	*	Yes
Hardware	hp	envy_5000_m2u91a	-	Yes
Hardware	hp	envy_5000_m2u94b	-	Yes
Hardware	hp	envy_5000_z4a54a	-	Yes
Hardware	hp	envy_5000_z4a74a	-	Yes
Hardware	hp	envy_5020_m2u91b	-	Yes
Hardware	hp	envy_5530	-	Yes
Hardware	hp	envy_5531	-	Yes
Hardware	hp	envy_5532	-	Yes
Hardware	hp	envy_5534	-	Yes
Hardware	hp	envy_5535	-	Yes
Hardware	hp	envy_5536	-	Yes
Hardware	hp	envy_5539	-	Yes
Hardware	hp	envy_5540_f2e72a	-	Yes
Hardware	hp	envy_5540_g0v47a	-	Yes
Hardware	hp	envy_5540_g0v51a	-	Yes
Hardware	hp	envy_5540_g0v52a	-	Yes
Hardware	hp	envy_5540_g0v53a	-	Yes
Hardware	hp	envy_5540_k7c85a	-	Yes
Hardware	hp	envy_5541_k7g89a	-	Yes
Hardware	hp	envy_5542_k7c88a	-	Yes
Hardware	hp	envy_5543_n9u88a	-	Yes
Hardware	hp	envy_5544_k7c89a	-	Yes
Hardware	hp	envy_5544_k7c93a	-	Yes
Hardware	hp	envy_5545_g0v50a	-	Yes
Hardware	hp	envy_5546_k7c90a	-	Yes
Hardware	hp	envy_5547_j6u64a	-	Yes
Hardware	hp	envy_5548_k7g87a	-	Yes
Hardware	hp	envy_5640_b9s56a	-	Yes
Hardware	hp	envy_5640_b9s58a	-	Yes
Hardware	hp	envy_5642_b9s64a	-	Yes
Hardware	hp	envy_5643_b9s63a	-	Yes
Hardware	hp	envy_5644_b9s65a	-	Yes
Hardware	hp	envy_5646_f8b05a	-	Yes
Hardware	hp	envy_5664_f8b08a	-	Yes
Hardware	hp	envy_5665_f8b06a	-	Yes
Hardware	hp	envy_6020_5se16b	-	Yes
Hardware	hp	envy_6020_5se17a	-	Yes
Hardware	hp	envy_6020_6wd35a	-	Yes
Hardware	hp	envy_6020_7cz37a	-	Yes
Hardware	hp	envy_6052_5se18a	-	Yes
Hardware	hp	envy_6055_5se16a	-	Yes
Hardware	hp	envy_6540_b9s59a	-	Yes
Hardware	hp	envy_7640	-	Yes
Hardware	hp	envy_7644_e4w46a	-	Yes
Hardware	hp	envy_7645_e4w44a	-	Yes
Hardware	hp	envy_photo_6200_k7g18a	-	Yes
Hardware	hp	envy_photo_6200_k7g26b	-	Yes
Hardware	hp	envy_photo_6200_k7s21b	-	Yes
Hardware	hp	envy_photo_6200_y0k13d_	-	Yes
Hardware	hp	envy_photo_6200_y0k15a	-	Yes
Hardware	hp	envy_photo_6220_k7g20d	-	Yes
Hardware	hp	envy_photo_6220_k7g21b	-	Yes
Hardware	hp	envy_photo_6222_y0k13d	-	Yes
Hardware	hp	envy_photo_6222_y0k14d	-	Yes
Hardware	hp	envy_photo_6230_k7g25b	-	Yes
Hardware	hp	envy_photo_6232_k7g26b	-	Yes
Hardware	hp	envy_photo_6234_k7s21b	-	Yes
Hardware	hp	envy_photo_6252_k7g22a	-	Yes
Hardware	hp	envy_photo_7100_3xd89a	-	Yes
Hardware	hp	envy_photo_7100_k7g93a	-	Yes
Hardware	hp	envy_photo_7100_k7g99a	-	Yes
Hardware	hp	envy_photo_7100_z3m37a	-	Yes
Hardware	hp	envy_photo_7100_z3m52a	-	Yes
Hardware	hp	envy_photo_7120_z3m41d	-	Yes
Hardware	hp	envy_photo_7155_z3m52a	-	Yes
Hardware	hp	envy_photo_7164_k7g99a	-	Yes
Hardware	hp	envy_photo_7800_k7r96a	-	Yes
Hardware	hp	envy_photo_7800_k7s00a	-	Yes
Hardware	hp	envy_photo_7800_k7s10d	-	Yes
Hardware	hp	envy_photo_7800_y0g42d	-	Yes
Hardware	hp	envy_photo_7800_y0g52b	-	Yes
Hardware	hp	envy_photo_7822_y0g42d	-	Yes
Hardware	hp	envy_photo_7822_y0g43d	-	Yes
Hardware	hp	envy_photo_7830_y0g50b	-	Yes
Hardware	hp	envy_pro_6420_5se45b	-	Yes
Hardware	hp	envy_pro_6420_5se46a	-	Yes
Hardware	hp	envy_pro_6420_6wd14a	-	Yes
Hardware	hp	envy_pro_6420_6wd16a	-	Yes
Hardware	hp	envy_pro_6452_5se47a	-	Yes
Hardware	hp	envy_pro_6455_5se45a	-	Yes
Hardware	hp	officejet_4650_e6g87a	-	Yes
Hardware	hp	officejet_4650_f1h96a	-	Yes
Hardware	hp	officejet_4650_f1h96b	-	Yes
Hardware	hp	officejet_4652_f1j02a	-	Yes
Hardware	hp	officejet_4652_f1j05b	-	Yes
Hardware	hp	officejet_4652_k9v84b	-	Yes
Hardware	hp	officejet_4654_f1j06b	-	Yes
Hardware	hp	officejet_4654_f1j07b	-	Yes
Hardware	hp	officejet_4655_f1j00a	-	Yes
Hardware	hp	officejet_4655_k9v79a	-	Yes
Hardware	hp	officejet_4655_k9v82b	-	Yes
Hardware	hp	officejet_4656_k9v81b	-	Yes
Hardware	hp	officejet_4657_v6d29b	-	Yes
Hardware	hp	officejet_4658_v6d30b	-	Yes
Hardware	huawei	hg255s	-	Yes
Hardware	huawei	hg532e	-	Yes
Hardware	nec	wr8165n	-	Yes
Hardware	netgear	wnhde111	-	Yes
Hardware	ruckussecurity	zonedirector_1200	-	Yes
Hardware	tp-link	archer_c50	-	Yes
Hardware	zte	zxv10_w300	-	Yes
Hardware	zyxel	amg1202-t10b	-	Yes
Hardware	zyxel	vmg8324-b10a	-	Yes
Operating System	microsoft	windows_10	-	Yes
Operating System	microsoft	xbox_one	10.0.19041.2494	Yes
Operating System	fedoraproject	fedora	31	Yes
Operating System	fedoraproject	fedora	32	Yes
Operating System	debian	debian_linux	9.0	Yes
Operating System	debian	debian_linux	10.0	Yes
Operating System	canonical	ubuntu_linux	20.04	Yes

References

http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html Third Party Advisory, VDB Entry ([email protected])
http://www.openwall.com/lists/oss-security/2020/06/08/2 Mailing List, Third Party Advisory ([email protected])
https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/ Third Party Advisory ([email protected])
https://github.com/corelight/callstranger-detector Third Party Advisory ([email protected])
https://github.com/yunuscadirci/CallStranger Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/ Mailing List, Third Party Advisory ([email protected])
https://usn.ubuntu.com/4494-1/ Third Party Advisory ([email protected])
https://www.callstranger.com Broken Link ([email protected])
https://www.debian.org/security/2020/dsa-4806 Third Party Advisory ([email protected])
https://www.debian.org/security/2021/dsa-4898 Third Party Advisory ([email protected])
https://www.kb.cert.org/vuls/id/339275 Third Party Advisory, US Government Resource ([email protected])
https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of Third Party Advisory ([email protected])
http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2020/06/08/2 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/corelight/callstranger-detector Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/yunuscadirci/CallStranger Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4494-1/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.callstranger.com Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2020/dsa-4806 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2021/dsa-4898 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.kb.cert.org/vuls/id/339275 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)