Vulnerability Details CVE-2020-12695
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.047
EPSS Ranking 88.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 7.8
References
- http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html
- http://www.openwall.com/lists/oss-security/2020/06/08/2
- https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/
- https://github.com/corelight/callstranger-detector
- https://github.com/yunuscadirci/CallStranger
- https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html
- https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html
- https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/
- https://usn.ubuntu.com/4494-1/
- https://www.callstranger.com
- https://www.debian.org/security/2020/dsa-4806
- https://www.debian.org/security/2021/dsa-4898
- https://www.kb.cert.org/vuls/id/339275
- https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of
- http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html
- http://www.openwall.com/lists/oss-security/2020/06/08/2
- https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/
- https://github.com/corelight/callstranger-detector
- https://github.com/yunuscadirci/CallStranger
- https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html
- https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html
- https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/
- https://usn.ubuntu.com/4494-1/
- https://www.callstranger.com
- https://www.debian.org/security/2020/dsa-4806
- https://www.debian.org/security/2021/dsa-4898
- https://www.kb.cert.org/vuls/id/339275
- https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of
Products affected by CVE-2020-12695
-
cpe:2.3:a:ui:unifi_controller:-
-
cpe:2.3:a:w1.fi:hostapd:0.2.0
-
cpe:2.3:a:w1.fi:hostapd:0.2.1
-
cpe:2.3:a:w1.fi:hostapd:0.2.2
-
cpe:2.3:a:w1.fi:hostapd:0.2.4
-
cpe:2.3:a:w1.fi:hostapd:0.3.0
-
cpe:2.3:a:w1.fi:hostapd:0.3.1
-
cpe:2.3:a:w1.fi:hostapd:0.3.2
-
cpe:2.3:a:w1.fi:hostapd:0.3.3
-
cpe:2.3:a:w1.fi:hostapd:0.3.4
-
cpe:2.3:a:w1.fi:hostapd:0.3.5
-
cpe:2.3:a:w1.fi:hostapd:0.3.7
-
cpe:2.3:a:w1.fi:hostapd:0.4.0
-
cpe:2.3:a:w1.fi:hostapd:0.4.1
-
cpe:2.3:a:w1.fi:hostapd:0.4.2
-
cpe:2.3:a:w1.fi:hostapd:0.4.3
-
cpe:2.3:a:w1.fi:hostapd:0.4.4
-
cpe:2.3:a:w1.fi:hostapd:0.4.5
-
cpe:2.3:a:w1.fi:hostapd:0.4.6
-
cpe:2.3:a:w1.fi:hostapd:0.4.7
-
cpe:2.3:a:w1.fi:hostapd:0.5.0
-
cpe:2.3:a:w1.fi:hostapd:0.5.1
-
cpe:2.3:a:w1.fi:hostapd:0.5.2
-
cpe:2.3:a:w1.fi:hostapd:0.5.3
-
cpe:2.3:a:w1.fi:hostapd:0.5.4
-
cpe:2.3:a:w1.fi:hostapd:0.5.5
-
cpe:2.3:a:w1.fi:hostapd:0.5.6
-
cpe:2.3:a:w1.fi:hostapd:0.6.0
-
cpe:2.3:a:w1.fi:hostapd:0.6.1
-
cpe:2.3:a:w1.fi:hostapd:0.6.2
-
cpe:2.3:a:w1.fi:hostapd:0.6.3
-
cpe:2.3:a:w1.fi:hostapd:0.6.4
-
cpe:2.3:a:w1.fi:hostapd:0.6.5
-
cpe:2.3:a:w1.fi:hostapd:0.6.6
-
cpe:2.3:a:w1.fi:hostapd:0.6.7
-
cpe:2.3:a:w1.fi:hostapd:0.7.0
-
cpe:2.3:a:w1.fi:hostapd:0.7.1
-
cpe:2.3:a:w1.fi:hostapd:0.7.2
-
cpe:2.3:a:w1.fi:hostapd:0.7.3
-
cpe:2.3:a:w1.fi:hostapd:1.1
-
cpe:2.3:a:w1.fi:hostapd:2.0
-
cpe:2.3:h:asus:rt-n11:-
-
cpe:2.3:h:broadcom:adsl:-
-
cpe:2.3:h:canon:selphy_cp1200:-
-
cpe:2.3:h:cisco:wap131:-
-
cpe:2.3:h:cisco:wap150:-
-
cpe:2.3:h:cisco:wap351:-
-
cpe:2.3:h:dell:b1165nfw:-
-
cpe:2.3:h:dlink:dvg-n5412sp:-
-
cpe:2.3:h:epson:ep-101:-
-
cpe:2.3:h:epson:ew-m970a3t:-
-
cpe:2.3:h:epson:m571t:-
-
cpe:2.3:h:epson:xp-100:-
-
cpe:2.3:h:epson:xp-2101:-
-
cpe:2.3:h:epson:xp-2105:-
-
cpe:2.3:h:epson:xp-241:-
-
cpe:2.3:h:epson:xp-320:-
-
cpe:2.3:h:epson:xp-330:-
-
cpe:2.3:h:epson:xp-340:-
-
cpe:2.3:h:epson:xp-4100:-
-
cpe:2.3:h:epson:xp-4105:-
-
cpe:2.3:h:epson:xp-440:-
-
cpe:2.3:h:epson:xp-620:-
-
cpe:2.3:h:epson:xp-630:-
-
cpe:2.3:h:epson:xp-702:-
-
cpe:2.3:h:epson:xp-8500:-
-
cpe:2.3:h:epson:xp-8600:-
-
cpe:2.3:h:epson:xp-960:-
-
cpe:2.3:h:epson:xp-970:-
-
cpe:2.3:h:hp:5020_z4a69a:-
-
cpe:2.3:h:hp:5030_m2u92b:-
-
cpe:2.3:h:hp:5030_z4a70a:-
-
cpe:2.3:h:hp:5034_z4a74a:-
-
cpe:2.3:h:hp:5660_f8b04a:-
-
cpe:2.3:h:hp:deskjet_ink_advantage_3456_a9t84c:-
-
cpe:2.3:h:hp:deskjet_ink_advantage_3545_a9t81a:-
-
cpe:2.3:h:hp:deskjet_ink_advantage_3545_a9t81c:-
-
cpe:2.3:h:hp:deskjet_ink_advantage_3545_a9t83b:-
-
cpe:2.3:h:hp:deskjet_ink_advantage_3546_a9t82a:-
-
cpe:2.3:h:hp:deskjet_ink_advantage_3548_a9t81b:-
-
cpe:2.3:h:hp:deskjet_ink_advantage_4515:-
-
cpe:2.3:h:hp:deskjet_ink_advantage_4518:-
-
cpe:2.3:h:hp:deskjet_ink_advantage_4535_f0v64a:-
-
cpe:2.3:h:hp:deskjet_ink_advantage_4535_f0v64b:-
-
cpe:2.3:h:hp:deskjet_ink_advantage_4535_f0v64c:-
-
cpe:2.3:h:hp:deskjet_ink_advantage_4536_f0v65a:-
-
cpe:2.3:h:hp:deskjet_ink_advantage_4538_f0v66b:-
-
cpe:2.3:h:hp:deskjet_ink_advantage_4675_f1h97a:-
-
cpe:2.3:h:hp:deskjet_ink_advantage_4675_f1h97b:-
-
cpe:2.3:h:hp:deskjet_ink_advantage_4675_f1h97c:-
-
cpe:2.3:h:hp:deskjet_ink_advantage_4676_f1h98a:-
-
cpe:2.3:h:hp:deskjet_ink_advantage_4678_f1h99b:-
-
cpe:2.3:h:hp:deskjet_ink_advantage_5575_g0v48b:-
-
cpe:2.3:h:hp:deskjet_ink_advantage_5575_g0v48c:-
-
cpe:2.3:h:hp:envy_100_cn517a:-
-
cpe:2.3:h:hp:envy_100_cn517b:-
-
cpe:2.3:h:hp:envy_100_cn517c:-
-
cpe:2.3:h:hp:envy_100_cn518a:-
-
cpe:2.3:h:hp:envy_100_cn519a:-
-
cpe:2.3:h:hp:envy_100_cn519b:-
-
cpe:2.3:h:hp:envy_110_cq809a:-
-
cpe:2.3:h:hp:envy_110_cq809b:-
-
cpe:2.3:h:hp:envy_110_cq809c:-
-
cpe:2.3:h:hp:envy_110_cq809d:-
-
cpe:2.3:h:hp:envy_110_cq812c:-
-
cpe:2.3:h:hp:envy_111_cq810a:-
-
cpe:2.3:h:hp:envy_114_cq811a:-
-
cpe:2.3:h:hp:envy_114_cq811b:-
-
cpe:2.3:h:hp:envy_114_cq812a:-
-
cpe:2.3:h:hp:envy_120_cz022a:-
-
cpe:2.3:h:hp:envy_120_cz022b:-
-
cpe:2.3:h:hp:envy_120_cz022c:-
-
cpe:2.3:h:hp:envy_4500_a9t80a:-
-
cpe:2.3:h:hp:envy_4500_a9t80b:-
-
cpe:2.3:h:hp:envy_4500_a9t89a:-
-
cpe:2.3:h:hp:envy_4500_d3p93a:-
-
cpe:2.3:h:hp:envy_4501_c8d05a:-
-
cpe:2.3:h:hp:envy_4502_a9t85a:-
-
cpe:2.3:h:hp:envy_4502_a9t87b:-
-
cpe:2.3:h:hp:envy_4503_e6g71b:-
-
cpe:2.3:h:hp:envy_4504_a9t88b:-
-
cpe:2.3:h:hp:envy_4504_c8d04a:-
-
cpe:2.3:h:hp:envy_4505_a9t86a:-
-
cpe:2.3:h:hp:envy_4507_e6g70b:-
-
cpe:2.3:h:hp:envy_4508_e6g72b:-
-
cpe:2.3:h:hp:envy_4509_d3p94a:-
-
cpe:2.3:h:hp:envy_4509_d3p94b:-
-
cpe:2.3:h:hp:envy_4511_k9h50a:-
-
cpe:2.3:h:hp:envy_4512_k9h49a:-
-
cpe:2.3:h:hp:envy_4513_k9h51a:-
-
cpe:2.3:h:hp:envy_4516_k9h52a:-
-
cpe:2.3:h:hp:envy_4520_e6g67a:-
-
cpe:2.3:h:hp:envy_4520_e6g67b:-
-
cpe:2.3:h:hp:envy_4520_f0v63a:-
-
cpe:2.3:h:hp:envy_4520_f0v63b:-
-
cpe:2.3:h:hp:envy_4520_f0v69a:-
-
cpe:2.3:h:hp:envy_4521_k9t10b:-
-
cpe:2.3:h:hp:envy_4522_f0v67a:-
-
cpe:2.3:h:hp:envy_4523_j6u60b:-
-
cpe:2.3:h:hp:envy_4524_f0v71b:-
-
cpe:2.3:h:hp:envy_4524_f0v72b:-
-
cpe:2.3:h:hp:envy_4524_k9t01a:-
-
cpe:2.3:h:hp:envy_4525_k9t09b:-
-
cpe:2.3:h:hp:envy_4526_k9t05b:-
-
cpe:2.3:h:hp:envy_4527_j6u61b:-
-
cpe:2.3:h:hp:envy_4528_k9t08b:-
-
cpe:2.3:h:hp:envy_5000_m2u85a:-
-
cpe:2.3:h:hp:envy_5000_m2u85b:-
-
cpe:2.3:h:hp:envy_5000_m2u91a:-
-
cpe:2.3:h:hp:envy_5000_m2u94b:-
-
cpe:2.3:h:hp:envy_5000_z4a54a:-
-
cpe:2.3:h:hp:envy_5000_z4a74a:-
-
cpe:2.3:h:hp:envy_5020_m2u91b:-
-
cpe:2.3:h:hp:envy_5530:-
-
cpe:2.3:h:hp:envy_5531:-
-
cpe:2.3:h:hp:envy_5532:-
-
cpe:2.3:h:hp:envy_5534:-
-
cpe:2.3:h:hp:envy_5535:-
-
cpe:2.3:h:hp:envy_5536:-
-
cpe:2.3:h:hp:envy_5539:-
-
cpe:2.3:h:hp:envy_5540_f2e72a:-
-
cpe:2.3:h:hp:envy_5540_g0v47a:-
-
cpe:2.3:h:hp:envy_5540_g0v51a:-
-
cpe:2.3:h:hp:envy_5540_g0v52a:-
-
cpe:2.3:h:hp:envy_5540_g0v53a:-
-
cpe:2.3:h:hp:envy_5540_k7c85a:-
-
cpe:2.3:h:hp:envy_5541_k7g89a:-
-
cpe:2.3:h:hp:envy_5542_k7c88a:-
-
cpe:2.3:h:hp:envy_5543_n9u88a:-
-
cpe:2.3:h:hp:envy_5544_k7c89a:-
-
cpe:2.3:h:hp:envy_5544_k7c93a:-
-
cpe:2.3:h:hp:envy_5545_g0v50a:-
-
cpe:2.3:h:hp:envy_5546_k7c90a:-
-
cpe:2.3:h:hp:envy_5547_j6u64a:-
-
cpe:2.3:h:hp:envy_5548_k7g87a:-
-
cpe:2.3:h:hp:envy_5640_b9s56a:-
-
cpe:2.3:h:hp:envy_5640_b9s58a:-
-
cpe:2.3:h:hp:envy_5642_b9s64a:-
-
cpe:2.3:h:hp:envy_5643_b9s63a:-
-
cpe:2.3:h:hp:envy_5644_b9s65a:-
-
cpe:2.3:h:hp:envy_5646_f8b05a:-
-
cpe:2.3:h:hp:envy_5664_f8b08a:-
-
cpe:2.3:h:hp:envy_5665_f8b06a:-
-
cpe:2.3:h:hp:envy_6020_5se16b:-
-
cpe:2.3:h:hp:envy_6020_5se17a:-
-
cpe:2.3:h:hp:envy_6020_6wd35a:-
-
cpe:2.3:h:hp:envy_6020_7cz37a:-
-
cpe:2.3:h:hp:envy_6052_5se18a:-
-
cpe:2.3:h:hp:envy_6055_5se16a:-
-
cpe:2.3:h:hp:envy_6540_b9s59a:-
-
cpe:2.3:h:hp:envy_7640:-
-
cpe:2.3:h:hp:envy_7644_e4w46a:-
-
cpe:2.3:h:hp:envy_7645_e4w44a:-
-
cpe:2.3:h:hp:envy_photo_6200_k7g18a:-
-
cpe:2.3:h:hp:envy_photo_6200_k7g26b:-
-
cpe:2.3:h:hp:envy_photo_6200_k7s21b:-
-
cpe:2.3:h:hp:envy_photo_6200_y0k13d_:-
-
cpe:2.3:h:hp:envy_photo_6200_y0k15a:-
-
cpe:2.3:h:hp:envy_photo_6220_k7g20d:-
-
cpe:2.3:h:hp:envy_photo_6220_k7g21b:-
-
cpe:2.3:h:hp:envy_photo_6222_y0k13d:-
-
cpe:2.3:h:hp:envy_photo_6222_y0k14d:-
-
cpe:2.3:h:hp:envy_photo_6230_k7g25b:-
-
cpe:2.3:h:hp:envy_photo_6232_k7g26b:-
-
cpe:2.3:h:hp:envy_photo_6234_k7s21b:-
-
cpe:2.3:h:hp:envy_photo_6252_k7g22a:-
-
cpe:2.3:h:hp:envy_photo_7100_3xd89a:-
-
cpe:2.3:h:hp:envy_photo_7100_k7g93a:-
-
cpe:2.3:h:hp:envy_photo_7100_k7g99a:-
-
cpe:2.3:h:hp:envy_photo_7100_z3m37a:-
-
cpe:2.3:h:hp:envy_photo_7100_z3m52a:-
-
cpe:2.3:h:hp:envy_photo_7120_z3m41d:-
-
cpe:2.3:h:hp:envy_photo_7155_z3m52a:-
-
cpe:2.3:h:hp:envy_photo_7164_k7g99a:-
-
cpe:2.3:h:hp:envy_photo_7800_k7r96a:-
-
cpe:2.3:h:hp:envy_photo_7800_k7s00a:-
-
cpe:2.3:h:hp:envy_photo_7800_k7s10d:-
-
cpe:2.3:h:hp:envy_photo_7800_y0g42d:-
-
cpe:2.3:h:hp:envy_photo_7800_y0g52b:-
-
cpe:2.3:h:hp:envy_photo_7822_y0g42d:-
-
cpe:2.3:h:hp:envy_photo_7822_y0g43d:-
-
cpe:2.3:h:hp:envy_photo_7830_y0g50b:-
-
cpe:2.3:h:hp:envy_pro_6420_5se45b:-
-
cpe:2.3:h:hp:envy_pro_6420_5se46a:-
-
cpe:2.3:h:hp:envy_pro_6420_6wd14a:-
-
cpe:2.3:h:hp:envy_pro_6420_6wd16a:-
-
cpe:2.3:h:hp:envy_pro_6452_5se47a:-
-
cpe:2.3:h:hp:envy_pro_6455_5se45a:-
-
cpe:2.3:h:hp:officejet_4650_e6g87a:-
-
cpe:2.3:h:hp:officejet_4650_f1h96a:-
-
cpe:2.3:h:hp:officejet_4650_f1h96b:-
-
cpe:2.3:h:hp:officejet_4652_f1j02a:-
-
cpe:2.3:h:hp:officejet_4652_f1j05b:-
-
cpe:2.3:h:hp:officejet_4652_k9v84b:-
-
cpe:2.3:h:hp:officejet_4654_f1j06b:-
-
cpe:2.3:h:hp:officejet_4654_f1j07b:-
-
cpe:2.3:h:hp:officejet_4655_f1j00a:-
-
cpe:2.3:h:hp:officejet_4655_k9v79a:-
-
cpe:2.3:h:hp:officejet_4655_k9v82b:-
-
cpe:2.3:h:hp:officejet_4656_k9v81b:-
-
cpe:2.3:h:hp:officejet_4657_v6d29b:-
-
cpe:2.3:h:hp:officejet_4658_v6d30b:-
-
cpe:2.3:h:huawei:hg255s:-
-
cpe:2.3:h:huawei:hg532e:-
-
cpe:2.3:h:nec:wr8165n:-
-
cpe:2.3:h:netgear:wnhde111:-
-
cpe:2.3:h:ruckussecurity:zonedirector_1200:-
-
cpe:2.3:h:tp-link:archer_c50:-
-
cpe:2.3:h:zte:zxv10_w300:-
-
cpe:2.3:h:zyxel:amg1202-t10b:-
-
cpe:2.3:h:zyxel:vmg8324-b10a:-
-
cpe:2.3:o:canonical:ubuntu_linux:20.04
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:fedoraproject:fedora:31
-
cpe:2.3:o:fedoraproject:fedora:32
-
cpe:2.3:o:microsoft:windows_10:-
-
cpe:2.3:o:microsoft:xbox_one:10.0.19041.2494