Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-12695

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 7.5, indicating it can be exploited remotely over the network but requires specific conditions to be met without requiring user interaction and does not require pre-existing privileges . The vulnerability impacts limited data confidentiality, and availability (service disruption) for affected systems. Impacting 217 products from ui, from w1.fi, from asus and 214 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2020, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2020-06-08T17:15:09.973

Last Modified

2024-11-21T05:00:05.367

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

7.8

Weaknesses

Type: Primary
CWE-276

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	ui	unifi_controller	-	Yes
Application	w1.fi	hostapd	< 2.0.0	Yes
Hardware	asus	rt-n11	-	Yes
Hardware	broadcom	adsl	-	Yes
Hardware	canon	selphy_cp1200	-	Yes
Hardware	cisco	wap131	-	Yes
Hardware	cisco	wap150	-	Yes
Hardware	cisco	wap351	-	Yes
Hardware	dlink	dvg-n5412sp	-	Yes
Hardware	dell	b1165nfw	-	Yes
Hardware	epson	ep-101	-	Yes
Hardware	epson	ew-m970a3t	-	Yes
Hardware	epson	m571t	-	Yes
Hardware	epson	xp-100	-	Yes
Hardware	epson	xp-2101	-	Yes
Hardware	epson	xp-2105	-	Yes
Hardware	epson	xp-241	-	Yes
Hardware	epson	xp-320	-	Yes
Hardware	epson	xp-330	-	Yes
Hardware	epson	xp-340	-	Yes
Hardware	epson	xp-4100	-	Yes
Hardware	epson	xp-4105	-	Yes
Hardware	epson	xp-440	-	Yes
Hardware	epson	xp-620	-	Yes
Hardware	epson	xp-630	-	Yes
Hardware	epson	xp-702	-	Yes
Hardware	epson	xp-8500	-	Yes
Hardware	epson	xp-8600	-	Yes
Hardware	epson	xp-960	-	Yes
Hardware	epson	xp-970	-	Yes
Hardware	hp	5020_z4a69a	-	Yes
Hardware	hp	5030_m2u92b	-	Yes
Hardware	hp	5030_z4a70a	-	Yes
Hardware	hp	5034_z4a74a	-	Yes
Hardware	hp	5660_f8b04a	-	Yes
Hardware	hp	deskjet_ink_advantage_3456_a9t84c	-	Yes
Hardware	hp	deskjet_ink_advantage_3545_a9t81a	-	Yes
Hardware	hp	deskjet_ink_advantage_3545_a9t81c	-	Yes
Hardware	hp	deskjet_ink_advantage_3545_a9t83b	-	Yes
Hardware	hp	deskjet_ink_advantage_3546_a9t82a	-	Yes
Hardware	hp	deskjet_ink_advantage_3548_a9t81b	-	Yes
Hardware	hp	deskjet_ink_advantage_4515	-	Yes
Hardware	hp	deskjet_ink_advantage_4518	-	Yes
Hardware	hp	deskjet_ink_advantage_4535_f0v64a	-	Yes
Hardware	hp	deskjet_ink_advantage_4535_f0v64b	-	Yes
Hardware	hp	deskjet_ink_advantage_4535_f0v64c	-	Yes
Hardware	hp	deskjet_ink_advantage_4536_f0v65a	-	Yes
Hardware	hp	deskjet_ink_advantage_4538_f0v66b	-	Yes
Hardware	hp	deskjet_ink_advantage_4675_f1h97a	-	Yes
Hardware	hp	deskjet_ink_advantage_4675_f1h97b	-	Yes
Hardware	hp	deskjet_ink_advantage_4675_f1h97c	-	Yes
Hardware	hp	deskjet_ink_advantage_4676_f1h98a	-	Yes
Hardware	hp	deskjet_ink_advantage_4678_f1h99b	-	Yes
Hardware	hp	deskjet_ink_advantage_5575_g0v48b	-	Yes
Hardware	hp	deskjet_ink_advantage_5575_g0v48c	-	Yes
Hardware	hp	envy_100_cn517a	-	Yes
Hardware	hp	envy_100_cn517b	-	Yes
Hardware	hp	envy_100_cn517c	-	Yes
Hardware	hp	envy_100_cn518a	-	Yes
Hardware	hp	envy_100_cn519a	-	Yes
Hardware	hp	envy_100_cn519b	-	Yes
Hardware	hp	envy_110_cq809a	-	Yes
Hardware	hp	envy_110_cq809b	-	Yes
Hardware	hp	envy_110_cq809c	-	Yes
Hardware	hp	envy_110_cq809d	-	Yes
Hardware	hp	envy_110_cq812c	-	Yes
Hardware	hp	envy_111_cq810a	-	Yes
Hardware	hp	envy_114_cq811a	-	Yes
Hardware	hp	envy_114_cq811b	-	Yes
Hardware	hp	envy_114_cq812a	-	Yes
Hardware	hp	envy_120_cz022a	-	Yes
Hardware	hp	envy_120_cz022b	-	Yes
Hardware	hp	envy_120_cz022c	-	Yes
Hardware	hp	envy_4500_a9t80a	-	Yes
Hardware	hp	envy_4500_a9t80b	-	Yes
Hardware	hp	envy_4500_a9t89a	-	Yes
Hardware	hp	envy_4500_d3p93a	-	Yes
Hardware	hp	envy_4501_c8d05a	-	Yes
Hardware	hp	envy_4502_a9t85a	-	Yes
Hardware	hp	envy_4502_a9t87b	-	Yes
Hardware	hp	envy_4503_e6g71b	-	Yes
Hardware	hp	envy_4504_a9t88b	-	Yes
Hardware	hp	envy_4504_c8d04a	-	Yes
Hardware	hp	envy_4505_a9t86a	-	Yes
Hardware	hp	envy_4507_e6g70b	-	Yes
Hardware	hp	envy_4508_e6g72b	-	Yes
Hardware	hp	envy_4509_d3p94a	-	Yes
Hardware	hp	envy_4509_d3p94b	-	Yes
Hardware	hp	envy_4511_k9h50a	-	Yes
Hardware	hp	envy_4512_k9h49a	-	Yes
Hardware	hp	envy_4513_k9h51a	-	Yes
Hardware	hp	envy_4516_k9h52a	-	Yes
Hardware	hp	envy_4520_e6g67a	-	Yes
Hardware	hp	envy_4520_e6g67b	-	Yes
Hardware	hp	envy_4520_f0v63a	-	Yes
Hardware	hp	envy_4520_f0v63b	-	Yes
Hardware	hp	envy_4520_f0v69a	-	Yes
Hardware	hp	envy_4521_k9t10b	-	Yes
Hardware	hp	envy_4522_f0v67a	-	Yes
Hardware	hp	envy_4523_j6u60b	-	Yes
Hardware	hp	envy_4524_f0v71b	-	Yes
Hardware	hp	envy_4524_f0v72b	-	Yes
Hardware	hp	envy_4524_k9t01a	-	Yes
Hardware	hp	envy_4525_k9t09b	-	Yes
Hardware	hp	envy_4526_k9t05b	-	Yes
Hardware	hp	envy_4527_j6u61b	-	Yes
Hardware	hp	envy_4528_k9t08b	-	Yes
Hardware	hp	envy_5000_m2u85a	-	Yes
Hardware	hp	envy_5000_m2u85b	-	Yes
Hardware	hp	envy_5000_m2u91a	*	Yes
Hardware	hp	envy_5000_m2u91a	-	Yes
Hardware	hp	envy_5000_m2u94b	-	Yes
Hardware	hp	envy_5000_z4a54a	-	Yes
Hardware	hp	envy_5000_z4a74a	-	Yes
Hardware	hp	envy_5020_m2u91b	-	Yes
Hardware	hp	envy_5530	-	Yes
Hardware	hp	envy_5531	-	Yes
Hardware	hp	envy_5532	-	Yes
Hardware	hp	envy_5534	-	Yes
Hardware	hp	envy_5535	-	Yes
Hardware	hp	envy_5536	-	Yes
Hardware	hp	envy_5539	-	Yes
Hardware	hp	envy_5540_f2e72a	-	Yes
Hardware	hp	envy_5540_g0v47a	-	Yes
Hardware	hp	envy_5540_g0v51a	-	Yes
Hardware	hp	envy_5540_g0v52a	-	Yes
Hardware	hp	envy_5540_g0v53a	-	Yes
Hardware	hp	envy_5540_k7c85a	-	Yes
Hardware	hp	envy_5541_k7g89a	-	Yes
Hardware	hp	envy_5542_k7c88a	-	Yes
Hardware	hp	envy_5543_n9u88a	-	Yes
Hardware	hp	envy_5544_k7c89a	-	Yes
Hardware	hp	envy_5544_k7c93a	-	Yes
Hardware	hp	envy_5545_g0v50a	-	Yes
Hardware	hp	envy_5546_k7c90a	-	Yes
Hardware	hp	envy_5547_j6u64a	-	Yes
Hardware	hp	envy_5548_k7g87a	-	Yes
Hardware	hp	envy_5640_b9s56a	-	Yes
Hardware	hp	envy_5640_b9s58a	-	Yes
Hardware	hp	envy_5642_b9s64a	-	Yes
Hardware	hp	envy_5643_b9s63a	-	Yes
Hardware	hp	envy_5644_b9s65a	-	Yes
Hardware	hp	envy_5646_f8b05a	-	Yes
Hardware	hp	envy_5664_f8b08a	-	Yes
Hardware	hp	envy_5665_f8b06a	-	Yes
Hardware	hp	envy_6020_5se16b	-	Yes
Hardware	hp	envy_6020_5se17a	-	Yes
Hardware	hp	envy_6020_6wd35a	-	Yes
Hardware	hp	envy_6020_7cz37a	-	Yes
Hardware	hp	envy_6052_5se18a	-	Yes
Hardware	hp	envy_6055_5se16a	-	Yes
Hardware	hp	envy_6540_b9s59a	-	Yes
Hardware	hp	envy_7640	-	Yes
Hardware	hp	envy_7644_e4w46a	-	Yes
Hardware	hp	envy_7645_e4w44a	-	Yes
Hardware	hp	envy_photo_6200_k7g18a	-	Yes
Hardware	hp	envy_photo_6200_k7g26b	-	Yes
Hardware	hp	envy_photo_6200_k7s21b	-	Yes
Hardware	hp	envy_photo_6200_y0k13d_	-	Yes
Hardware	hp	envy_photo_6200_y0k15a	-	Yes
Hardware	hp	envy_photo_6220_k7g20d	-	Yes
Hardware	hp	envy_photo_6220_k7g21b	-	Yes
Hardware	hp	envy_photo_6222_y0k13d	-	Yes
Hardware	hp	envy_photo_6222_y0k14d	-	Yes
Hardware	hp	envy_photo_6230_k7g25b	-	Yes
Hardware	hp	envy_photo_6232_k7g26b	-	Yes
Hardware	hp	envy_photo_6234_k7s21b	-	Yes
Hardware	hp	envy_photo_6252_k7g22a	-	Yes
Hardware	hp	envy_photo_7100_3xd89a	-	Yes
Hardware	hp	envy_photo_7100_k7g93a	-	Yes
Hardware	hp	envy_photo_7100_k7g99a	-	Yes
Hardware	hp	envy_photo_7100_z3m37a	-	Yes
Hardware	hp	envy_photo_7100_z3m52a	-	Yes
Hardware	hp	envy_photo_7120_z3m41d	-	Yes
Hardware	hp	envy_photo_7155_z3m52a	-	Yes
Hardware	hp	envy_photo_7164_k7g99a	-	Yes
Hardware	hp	envy_photo_7800_k7r96a	-	Yes
Hardware	hp	envy_photo_7800_k7s00a	-	Yes
Hardware	hp	envy_photo_7800_k7s10d	-	Yes
Hardware	hp	envy_photo_7800_y0g42d	-	Yes
Hardware	hp	envy_photo_7800_y0g52b	-	Yes
Hardware	hp	envy_photo_7822_y0g42d	-	Yes
Hardware	hp	envy_photo_7822_y0g43d	-	Yes
Hardware	hp	envy_photo_7830_y0g50b	-	Yes
Hardware	hp	envy_pro_6420_5se45b	-	Yes
Hardware	hp	envy_pro_6420_5se46a	-	Yes
Hardware	hp	envy_pro_6420_6wd14a	-	Yes
Hardware	hp	envy_pro_6420_6wd16a	-	Yes
Hardware	hp	envy_pro_6452_5se47a	-	Yes
Hardware	hp	envy_pro_6455_5se45a	-	Yes
Hardware	hp	officejet_4650_e6g87a	-	Yes
Hardware	hp	officejet_4650_f1h96a	-	Yes
Hardware	hp	officejet_4650_f1h96b	-	Yes
Hardware	hp	officejet_4652_f1j02a	-	Yes
Hardware	hp	officejet_4652_f1j05b	-	Yes
Hardware	hp	officejet_4652_k9v84b	-	Yes
Hardware	hp	officejet_4654_f1j06b	-	Yes
Hardware	hp	officejet_4654_f1j07b	-	Yes
Hardware	hp	officejet_4655_f1j00a	-	Yes
Hardware	hp	officejet_4655_k9v79a	-	Yes
Hardware	hp	officejet_4655_k9v82b	-	Yes
Hardware	hp	officejet_4656_k9v81b	-	Yes
Hardware	hp	officejet_4657_v6d29b	-	Yes
Hardware	hp	officejet_4658_v6d30b	-	Yes
Hardware	huawei	hg255s	-	Yes
Hardware	huawei	hg532e	-	Yes
Hardware	nec	wr8165n	-	Yes
Hardware	netgear	wnhde111	-	Yes
Hardware	ruckussecurity	zonedirector_1200	-	Yes
Hardware	tp-link	archer_c50	-	Yes
Hardware	zte	zxv10_w300	-	Yes
Hardware	zyxel	amg1202-t10b	-	Yes
Hardware	zyxel	vmg8324-b10a	-	Yes
Operating System	microsoft	windows_10	-	Yes
Operating System	microsoft	xbox_one	10.0.19041.2494	Yes
Operating System	fedoraproject	fedora	31	Yes
Operating System	fedoraproject	fedora	32	Yes
Operating System	debian	debian_linux	9.0	Yes
Operating System	debian	debian_linux	10.0	Yes
Operating System	canonical	ubuntu_linux	20.04	Yes

References

http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html Third Party Advisory, VDB Entry ([email protected])
http://www.openwall.com/lists/oss-security/2020/06/08/2 Mailing List, Third Party Advisory ([email protected])
https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/ Third Party Advisory ([email protected])
https://github.com/corelight/callstranger-detector Third Party Advisory ([email protected])
https://github.com/yunuscadirci/CallStranger Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/ Mailing List, Third Party Advisory ([email protected])
https://usn.ubuntu.com/4494-1/ Third Party Advisory ([email protected])
https://www.callstranger.com Broken Link ([email protected])
https://www.debian.org/security/2020/dsa-4806 Third Party Advisory ([email protected])
https://www.debian.org/security/2021/dsa-4898 Third Party Advisory ([email protected])
https://www.kb.cert.org/vuls/id/339275 Third Party Advisory, US Government Resource ([email protected])
https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of Third Party Advisory ([email protected])
http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2020/06/08/2 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/corelight/callstranger-detector Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/yunuscadirci/CallStranger Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4494-1/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.callstranger.com Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2020/dsa-4806 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2021/dsa-4898 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.kb.cert.org/vuls/id/339275 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For ui's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.