|
|||
Rule General Information |
---|
Release Date: | 2019-06-27 | |
Rule Name: | MiniUPnPd SOAP Remote Code Execution Vulnerability (CVE-2013-0230) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method. | |
Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others | |
Reference: | SecurityFocusBID:57608 ExploitDB:36839 https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf |
|
Solutions |
---|
The vendors have released upgrade patches to fix vulnerabilities, please visit: https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf |