The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
Max CVSS
7.8
EPSS Score
0.63%
Published
2020-06-08
Updated
2024-04-08
Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI.
Max CVSS
5.0
EPSS Score
11.68%
Published
2015-11-07
Updated
2018-12-15
2 vulnerabilities found