Vulnerability Details : CVE-2013-0230
Public exploit exists!
Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method.
Vulnerability category: OverflowExecute code
Products affected by CVE-2013-0230
- cpe:2.3:a:miniupnp_project:miniupnpd:1.0:*:*:*:*:*:*:*
Threat overview for CVE-2013-0230
Top countries where our scanners detected CVE-2013-0230
Top open port discovered on systems with this issue
5555
IPs affected by CVE-2013-0230 2,436
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2013-0230!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2013-0230
80.43%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2013-0230
-
UPnP SSDP M-SEARCH Information Discovery
First seen: 2020-04-26auxiliary/scanner/upnp/ssdp_msearchDiscover information from UPnP-enabled systems Authors: - todb <todb@metasploit.com> - hdm <x@hdm.io> -
MiniUPnPd 1.0 Stack Buffer Overflow Remote Code Execution
Disclosure Date: 2013-03-27First seen: 2020-04-26exploit/linux/upnp/miniupnpd_soap_bofThis module exploits the MiniUPnP 1.0 SOAP stack buffer overflow vulnerability present in the SOAPAction HTTP header handling. Authors: - hdm <x@hdm.io> - Dejan Lukan - Onur ALANBEL - Michael Messner <devnull@s3cur1ty.de>
CVSS scores for CVE-2013-0230
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2013-0230
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-0230
-
http://www.securityfocus.com/bid/57608
MiniUPnP CVE-2013-0230 Stack-Based Buffer Overflow Vulnerabilities
-
https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb
Help @ Rapid7
-
https://www.exploit-db.com/exploits/36839/
MiniUPnPd 1.0 (MIPS) - Remote Stack Overflow Remote Code Execution for AirTies RT Series - Multiple remote ExploitExploit
-
https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf
Help @ Rapid7
-
https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
Security Flaws in Universal Plug and Play: Unplug, Don't Play
Jump to