WhiteSource Vulnerability Database
Date: January 31, 2013
Overview
MiniUPnP is an open-source project that aims to deliver a free software implementation of the UPnP (Universal Plug and Play) Internet Gateway Device (IGD) specifications. UPnP is a popular protocol that lets network-enabled devices and computers discover and communicate with each other. The protocol is enabled by default on tens of millions of devices, a good number of which are connected to the Internet. MiniUPnP supports the IGD part of the UPnP protocol. Affected versions of the MiniUPnP library are vulnerable to denial of service attacks.
Details
The CVE-2013-0229 vulnerability exists because of how the MiniUPnP library handles malicious Simple Service Discovery Protocol (SSDP) requests. It is due to a boundary error in the ProcessSSDPRequest function in the file minissdp.c. A remote attacker can send specially crafted requests that trigger a buffer over-read. This can crash the service on the vulnerable system, resulting in a complete denial of service. An attacker can exploit this vulnerability without any form of authentication.
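The bug class described above, shown from the defensive side as an added example (this is not MiniUPnP's code or its fix): a C routine that locates the ST header in an SSDP M-SEARCH datagram while checking every read against the received length. The function name ssdp_find_st, the choice of the ST header, and the sample datagrams are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from minissdp.c): find the ST header value in an
 * SSDP datagram of exactly n received bytes. buf is not NUL-terminated, so
 * every index is compared against n (or the current line end) before use.
 * Returns a pointer into buf and sets *st_len, or NULL if ST is missing or
 * has an empty value. */
const char *ssdp_find_st(const char *buf, size_t n, size_t *st_len)
{
    size_t i = 0;
    *st_len = 0;
    while (i < n) {
        size_t eol = i;                       /* end of current line, <= n */
        while (eol < n && buf[eol] != '\r' && buf[eol] != '\n')
            eol++;
        /* The name "ST:" needs three bytes that lie inside this line. */
        if (eol - i >= 3 && (buf[i] == 'S' || buf[i] == 's') &&
            (buf[i + 1] == 'T' || buf[i + 1] == 't') && buf[i + 2] == ':') {
            size_t v = i + 3;
            while (v < eol && (buf[v] == ' ' || buf[v] == '\t'))
                v++;                          /* skip blanks, bounded by eol */
            if (v == eol)
                return NULL;                  /* header present, value cut off */
            *st_len = eol - v;
            return buf + v;
        }
        i = eol;                              /* step over CR/LF, bounded by n */
        while (i < n && (buf[i] == '\r' || buf[i] == '\n'))
            i++;
    }
    return NULL;
}

int main(void)
{
    /* Constructed sample datagrams: one well-formed, one truncated after "ST:". */
    const char ok[] = "M-SEARCH * HTTP/1.1\r\nHOST:239.255.255.250:1900\r\n"
                      "ST: upnp:rootdevice\r\nMX:3\r\n\r\n";
    const char cut[] = "M-SEARCH * HTTP/1.1\r\nST:  ";
    size_t len;
    const char *st = ssdp_find_st(ok, strlen(ok), &len);
    printf("well-formed: %.*s\n", st ? (int)len : 0, st ? st : "");
    st = ssdp_find_st(cut, strlen(cut), &len);
    printf("truncated:   %s\n", st ? "value found" : "rejected");
    return 0;
}
```

The caller passes the byte count returned by the receive call as n, so a datagram that ends in the middle of a header is rejected instead of being scanned past its end.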
Affected Environments
MiniUPnP versions before 1.4
Remediation
Disable UPnP on all devices connected to the Internet.
Set up hardening rules when configuring wireless devices, such as requiring authentication credentials to log in and disabling “Guest” access.
Prevention
Upgrade to MiniUPnP version 1.4 or higher
Good to know:
|Access Vector (AV):|Network|
|Access Complexity (AC):|Low|