7.8

CVE-2020-12695

EPSS 4.73%
Published 08.06.2020 17:15:09
Last modified 21.11.2024 05:00:05
Source cve@mitre.org
Teams watchlist Login
Open Login

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

Affected products Warnungen 0 Metrics 3 CWE 1 References 20

Data is provided by the National Vulnerability Database (NVD)

Ui ≫ Unifi Controller Version-

W1.Fi ≫ Hostapd Version < 2.0.0

Asus ≫ Rt-n11 Version-

Broadcom ≫ Adsl Version-

Canon ≫ Selphy Cp1200 Version-

Cisco ≫ Wap131 Version-

Cisco ≫ Wap150 Version-

Cisco ≫ Wap351 Version-

Dlink ≫ Dvg-n5412sp Version-

Dell ≫ B1165nfw Version-

Epson ≫ Ep-101 Version-

Epson ≫ Ew-m970a3t Version-

Epson ≫ M571t Version-

Epson ≫ Xp-100 Version-

Epson ≫ Xp-2101 Version-

Epson ≫ Xp-2105 Version-

Epson ≫ Xp-241 Version-

Epson ≫ Xp-320 Version-

Epson ≫ Xp-330 Version-

Epson ≫ Xp-340 Version-

Epson ≫ Xp-4100 Version-

Epson ≫ Xp-4105 Version-

Epson ≫ Xp-440 Version-

Epson ≫ Xp-620 Version-

Epson ≫ Xp-630 Version-

Epson ≫ Xp-702 Version-

Epson ≫ Xp-8500 Version-

Epson ≫ Xp-8600 Version-

Epson ≫ Xp-960 Version-

Epson ≫ Xp-970 Version-

Hp ≫ 5020 Z4a69a Version-

Hp ≫ 5030 M2u92b Version-

Hp ≫ 5030 Z4a70a Version-

Hp ≫ 5034 Z4a74a Version-

Hp ≫ 5660 F8b04a Version-

Hp ≫ Deskjet Ink Advantage 3456 A9t84c Version-

Hp ≫ Deskjet Ink Advantage 3545 A9t81a Version-

Hp ≫ Deskjet Ink Advantage 3545 A9t81c Version-

Hp ≫ Deskjet Ink Advantage 3545 A9t83b Version-

Hp ≫ Deskjet Ink Advantage 3546 A9t82a Version-

Hp ≫ Deskjet Ink Advantage 3548 A9t81b Version-

Hp ≫ Deskjet Ink Advantage 4515 Version-

Hp ≫ Deskjet Ink Advantage 4518 Version-

Hp ≫ Deskjet Ink Advantage 4535 F0v64a Version-

Hp ≫ Deskjet Ink Advantage 4535 F0v64b Version-

Hp ≫ Deskjet Ink Advantage 4535 F0v64c Version-

Hp ≫ Deskjet Ink Advantage 4536 F0v65a Version-

Hp ≫ Deskjet Ink Advantage 4538 F0v66b Version-

Hp ≫ Deskjet Ink Advantage 4675 F1h97a Version-

Hp ≫ Deskjet Ink Advantage 4675 F1h97b Version-

Hp ≫ Deskjet Ink Advantage 4675 F1h97c Version-

Hp ≫ Deskjet Ink Advantage 4676 F1h98a Version-

Hp ≫ Deskjet Ink Advantage 4678 F1h99b Version-

Hp ≫ Deskjet Ink Advantage 5575 G0v48b Version-

Hp ≫ Deskjet Ink Advantage 5575 G0v48c Version-

Hp ≫ Envy 100 Cn517a Version-

Hp ≫ Envy 100 Cn517b Version-

Hp ≫ Envy 100 Cn517c Version-

Hp ≫ Envy 100 Cn518a Version-

Hp ≫ Envy 100 Cn519a Version-

Hp ≫ Envy 100 Cn519b Version-

Hp ≫ Envy 110 Cq809a Version-

Hp ≫ Envy 110 Cq809b Version-

Hp ≫ Envy 110 Cq809c Version-

Hp ≫ Envy 110 Cq809d Version-

Hp ≫ Envy 110 Cq812c Version-

Hp ≫ Envy 111 Cq810a Version-

Hp ≫ Envy 114 Cq811a Version-

Hp ≫ Envy 114 Cq811b Version-

Hp ≫ Envy 114 Cq812a Version-

Hp ≫ Envy 120 Cz022a Version-

Hp ≫ Envy 120 Cz022b Version-

Hp ≫ Envy 120 Cz022c Version-

Hp ≫ Envy 4500 A9t80a Version-

Hp ≫ Envy 4500 A9t80b Version-

Hp ≫ Envy 4500 A9t89a Version-

Hp ≫ Envy 4500 D3p93a Version-

Hp ≫ Envy 4501 C8d05a Version-

Hp ≫ Envy 4502 A9t85a Version-

Hp ≫ Envy 4502 A9t87b Version-

Hp ≫ Envy 4503 E6g71b Version-

Hp ≫ Envy 4504 A9t88b Version-

Hp ≫ Envy 4504 C8d04a Version-

Hp ≫ Envy 4505 A9t86a Version-

Hp ≫ Envy 4507 E6g70b Version-

Hp ≫ Envy 4508 E6g72b Version-

Hp ≫ Envy 4509 D3p94a Version-

Hp ≫ Envy 4509 D3p94b Version-

Hp ≫ Envy 4511 K9h50a Version-

Hp ≫ Envy 4512 K9h49a Version-

Hp ≫ Envy 4513 K9h51a Version-

Hp ≫ Envy 4516 K9h52a Version-

Hp ≫ Envy 4520 E6g67a Version-

Hp ≫ Envy 4520 E6g67b Version-

Hp ≫ Envy 4520 F0v63a Version-

Hp ≫ Envy 4520 F0v63b Version-

Hp ≫ Envy 4520 F0v69a Version-

Hp ≫ Envy 4521 K9t10b Version-

Hp ≫ Envy 4522 F0v67a Version-

Hp ≫ Envy 4523 J6u60b Version-

Hp ≫ Envy 4524 F0v71b Version-

Hp ≫ Envy 4524 F0v72b Version-

Hp ≫ Envy 4524 K9t01a Version-

Hp ≫ Envy 4525 K9t09b Version-

Hp ≫ Envy 4526 K9t05b Version-

Hp ≫ Envy 4527 J6u61b Version-

Hp ≫ Envy 4528 K9t08b Version-

Hp ≫ Envy 5000 M2u85a Version-

Hp ≫ Envy 5000 M2u85b Version-

Hp ≫ Envy 5000 M2u91a

Hp ≫ Envy 5000 M2u91a Version-

Hp ≫ Envy 5000 M2u94b Version-

Hp ≫ Envy 5000 Z4a54a Version-

Hp ≫ Envy 5000 Z4a74a Version-

Hp ≫ Envy 5020 M2u91b Version-

Hp ≫ Envy 5530 Version-

Hp ≫ Envy 5531 Version-

Hp ≫ Envy 5532 Version-

Hp ≫ Envy 5534 Version-

Hp ≫ Envy 5535 Version-

Hp ≫ Envy 5536 Version-

Hp ≫ Envy 5539 Version-

Hp ≫ Envy 5540 F2e72a Version-

Hp ≫ Envy 5540 G0v47a Version-

Hp ≫ Envy 5540 G0v51a Version-

Hp ≫ Envy 5540 G0v52a Version-

Hp ≫ Envy 5540 G0v53a Version-

Hp ≫ Envy 5540 K7c85a Version-

Hp ≫ Envy 5541 K7g89a Version-

Hp ≫ Envy 5542 K7c88a Version-

Hp ≫ Envy 5543 N9u88a Version-

Hp ≫ Envy 5544 K7c89a Version-

Hp ≫ Envy 5544 K7c93a Version-

Hp ≫ Envy 5545 G0v50a Version-

Hp ≫ Envy 5546 K7c90a Version-

Hp ≫ Envy 5547 J6u64a Version-

Hp ≫ Envy 5548 K7g87a Version-

Hp ≫ Envy 5640 B9s56a Version-

Hp ≫ Envy 5640 B9s58a Version-

Hp ≫ Envy 5642 B9s64a Version-

Hp ≫ Envy 5643 B9s63a Version-

Hp ≫ Envy 5644 B9s65a Version-

Hp ≫ Envy 5646 F8b05a Version-

Hp ≫ Envy 5664 F8b08a Version-

Hp ≫ Envy 5665 F8b06a Version-

Hp ≫ Envy 6020 5se16b Version-

Hp ≫ Envy 6020 5se17a Version-

Hp ≫ Envy 6020 6wd35a Version-

Hp ≫ Envy 6020 7cz37a Version-

Hp ≫ Envy 6052 5se18a Version-

Hp ≫ Envy 6055 5se16a Version-

Hp ≫ Envy 6540 B9s59a Version-

Hp ≫ Envy 7640 Version-

Hp ≫ Envy 7644 E4w46a Version-

Hp ≫ Envy 7645 E4w44a Version-

Hp ≫ Envy Photo 6200 K7g18a Version-

Hp ≫ Envy Photo 6200 K7g26b Version-

Hp ≫ Envy Photo 6200 K7s21b Version-

Hp ≫ Envy Photo 6200 Y0k13d Version-

Hp ≫ Envy Photo 6200 Y0k15a Version-

Hp ≫ Envy Photo 6220 K7g20d Version-

Hp ≫ Envy Photo 6220 K7g21b Version-

Hp ≫ Envy Photo 6222 Y0k13d Version-

Hp ≫ Envy Photo 6222 Y0k14d Version-

Hp ≫ Envy Photo 6230 K7g25b Version-

Hp ≫ Envy Photo 6232 K7g26b Version-

Hp ≫ Envy Photo 6234 K7s21b Version-

Hp ≫ Envy Photo 6252 K7g22a Version-

Hp ≫ Envy Photo 7100 3xd89a Version-

Hp ≫ Envy Photo 7100 K7g93a Version-

Hp ≫ Envy Photo 7100 K7g99a Version-

Hp ≫ Envy Photo 7100 Z3m37a Version-

Hp ≫ Envy Photo 7100 Z3m52a Version-

Hp ≫ Envy Photo 7120 Z3m41d Version-

Hp ≫ Envy Photo 7155 Z3m52a Version-

Hp ≫ Envy Photo 7164 K7g99a Version-

Hp ≫ Envy Photo 7800 K7r96a Version-

Hp ≫ Envy Photo 7800 K7s00a Version-

Hp ≫ Envy Photo 7800 K7s10d Version-

Hp ≫ Envy Photo 7800 Y0g42d Version-

Hp ≫ Envy Photo 7800 Y0g52b Version-

Hp ≫ Envy Photo 7822 Y0g42d Version-

Hp ≫ Envy Photo 7822 Y0g43d Version-

Hp ≫ Envy Photo 7830 Y0g50b Version-

Hp ≫ Envy Pro 6420 5se45b Version-

Hp ≫ Envy Pro 6420 5se46a Version-

Hp ≫ Envy Pro 6420 6wd14a Version-

Hp ≫ Envy Pro 6420 6wd16a Version-

Hp ≫ Envy Pro 6452 5se47a Version-

Hp ≫ Envy Pro 6455 5se45a Version-

Hp ≫ Officejet 4650 E6g87a Version-

Hp ≫ Officejet 4650 F1h96a Version-

Hp ≫ Officejet 4650 F1h96b Version-

Hp ≫ Officejet 4652 F1j02a Version-

Hp ≫ Officejet 4652 F1j05b Version-

Hp ≫ Officejet 4652 K9v84b Version-

Hp ≫ Officejet 4654 F1j06b Version-

Hp ≫ Officejet 4654 F1j07b Version-

Hp ≫ Officejet 4655 F1j00a Version-

Hp ≫ Officejet 4655 K9v79a Version-

Hp ≫ Officejet 4655 K9v82b Version-

Hp ≫ Officejet 4656 K9v81b Version-

Hp ≫ Officejet 4657 V6d29b Version-

Hp ≫ Officejet 4658 V6d30b Version-

Huawei ≫ Hg255s Version-

Huawei ≫ Hg532e Version-

Nec ≫ Wr8165n Version-

Netgear ≫ Wnhde111 Version-

Ruckussecurity ≫ Zonedirector 1200 Version-

Tp-link ≫ Archer C50 Version-

Zte ≫ Zxv10 W300 Version-

Zyxel ≫ Amg1202-t10b Version-

Zyxel ≫ Vmg8324-b10a Version-

Microsoft ≫ Windows 10 Version-

Microsoft ≫ Xbox One Version10.0.19041.2494

Fedoraproject ≫ Fedora Version31

Fedoraproject ≫ Fedora Version32

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Canonical ≫ Ubuntu Linux Version20.04 SwEditionlts

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.73%	0.89

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	2.2	4.7	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H
nvd@nist.gov	7.8	8.6	7.8	AV:N/AC:M/Au:N/C:P/I:N/A:C

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html

Third Party Advisory

http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html

Third Party Advisory

VDB Entry

http://www.openwall.com/lists/oss-security/2020/06/08/2

Third Party Advisory

Mailing List

https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/

Third Party Advisory

https://github.com/corelight/callstranger-detector

Third Party Advisory

https://github.com/yunuscadirci/CallStranger

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/

Third Party Advisory

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/

Third Party Advisory

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/

Third Party Advisory

Mailing List

https://usn.ubuntu.com/4494-1/

Third Party Advisory

https://www.callstranger.com

Broken Link

https://www.debian.org/security/2020/dsa-4806

Third Party Advisory

https://www.debian.org/security/2021/dsa-4898

Third Party Advisory

https://www.kb.cert.org/vuls/id/339275

Third Party Advisory

US Government Resource

https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-12695

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-12695

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-12695

EUVD