The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
Configuration 8 (hide)
|
Configuration 9 (hide)
|
Configuration 10 (hide)
|
Configuration 11 (hide)
|
Configuration 12 (hide)
|
Configuration 13 (hide)
|
Configuration 14 (hide)
|
Configuration 15 (hide)
|
Configuration 16 (hide)
|
Configuration 17 (hide)
|
Configuration 18 (hide)
|
Configuration 19 (hide)
|
Configuration 20 (hide)
|
Configuration 21 (hide)
|
History
08 Apr 2024, 22:50
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/Â - Third Party Advisory | |
| References | () https://github.com/corelight/callstranger-detector - Third Party Advisory | |
| References | () https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html - Third Party Advisory | |
| References | () https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html - Third Party Advisory | |
| References | () https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html - Third Party Advisory | |
| References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/Â - Mailing List, Third Party Advisory | |
| References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/Â - Mailing List, Third Party Advisory | |
| References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/Â - Mailing List, Third Party Advisory | |
| References | () https://usn.ubuntu.com/4494-1/Â - Third Party Advisory | |
| References | () https://www.callstranger.com - Broken Link | |
| References | () https://www.debian.org/security/2020/dsa-4806Â - Third Party Advisory | |
| References | () https://www.debian.org/security/2021/dsa-4898Â - Third Party Advisory | |
| First Time |
Debian
Canonical Fedoraproject fedora Debian debian Linux Fedoraproject Canonical ubuntu Linux |
|
| CPE | cpe:2.3:h:hp:hp_officejet_4652_f1j02a:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_envy_4524_f0v72b:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_deskjet_ink_advantage_4675_f1h97a:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_officejet_4655_f1j00a:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_envy_4528_k9t08b:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_officejet_4652_f1j05b:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_envy_4520_e6g67b:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_envy_4516_k9h52a:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_envy_4520_e6g67a:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_officejet_4655_k9v82b:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_officejet_4657_v6d29b:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_envy_4527_j6u61b:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_officejet_4655_k9v79a:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_deskjet_ink_advantage_4675_f1h97c:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_deskjet_ink_advantage_4538_f0v66b:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_deskjet_ink_advantage_4535_f0v64c:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_officejet_4656_k9v81b:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_envy_4524_k9t01a:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_envy_4520_f0v63a:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_envy_4512_k9h49a:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_envy_4522_f0v67a:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_officejet_4658_v6d30b:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_envy_4513_k9h51a:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_deskjet_ink_advantage_4675_f1h97b:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_envy_4520_f0v69a:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_officejet_4650_f1h96b:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_envy_4511_k9h50a:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_envy_4520_f0v63b:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_deskjet_ink_advantage_4676_f1h98a:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_deskjet_ink_advantage_4535_f0v64b:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_envy_4524_f0v71b:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_envy_4523_j6u60b:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_officejet_4652_k9v84b:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_deskjet_ink_advantage_4678_f1h99b:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_deskjet_ink_advantage_4535_f0v64a:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_officejet_4654_f1j06b:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_officejet_4654_f1j07b:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_envy_4526_k9t05b:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_officejet_4650_f1h96a:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_officejet_4650_e6g87a:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_deskjet_ink_advantage_4536_f0v65a:-:*:*:*:*:*:*:* cpe:2.3:h:hp:hp_envy_4521_k9t10b:-:*:*:*:*:*:*:* |
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:* |
07 Nov 2023, 03:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
|
26 Apr 2023, 18:55
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:h:dlink:dvg-n5412sp:-:*:*:*:*:*:*:* | |
| First Time |
Dlink dvg-n5412sp
Dlink |
23 Apr 2021, 00:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Information
Published : 2020-06-08 17:15
Updated : 2024-04-08 22:50
NVD link : CVE-2020-12695
Mitre link : CVE-2020-12695
CVE.ORG link : CVE-2020-12695
JSON object : View
Products Affected
dell
- b1165nfw
hp
- deskjet_ink_advantage_4675_f1h97b
- envy_photo_7164_k7g99a
- envy_pro_6420_6wd14a
- envy_4503_e6g71b
- envy_5531
- officejet_4655_f1j00a
- envy_photo_7800_k7s10d
- envy_100_cn517b
- envy_4525_k9t09b
- deskjet_ink_advantage_4675_f1h97c
- envy_5020_m2u91b
- deskjet_ink_advantage_4678_f1h99b
- envy_5640_b9s58a
- envy_6052_5se18a
- envy_6020_5se17a
- envy_5540_g0v51a
- deskjet_ink_advantage_3545_a9t81a
- envy_5540_k7c85a
- envy_6020_5se16b
- envy_photo_7800_y0g52b
- 5030_z4a70a
- envy_5543_n9u88a
- envy_photo_6232_k7g26b
- envy_5000_z4a74a
- officejet_4654_f1j06b
- envy_6020_6wd35a
- envy_photo_6234_k7s21b
- officejet_4657_v6d29b
- envy_5540_g0v47a
- envy_4520_f0v63a
- envy_5643_b9s63a
- envy_photo_6200_k7s21b
- deskjet_ink_advantage_4535_f0v64c
- deskjet_ink_advantage_4538_f0v66b
- envy_114_cq811a
- envy_114_cq811b
- envy_4507_e6g70b
- envy_4520_e6g67a
- envy_4520_f0v69a
- envy_photo_7822_y0g42d
- envy_pro_6420_5se46a
- envy_111_cq810a
- envy_110_cq809b
- envy_photo_7800_y0g42d
- envy_pro_6452_5se47a
- envy_4526_k9t05b
- envy_5000_z4a54a
- envy_photo_7800_k7s00a
- envy_4509_d3p94b
- envy_photo_7100_k7g99a
- envy_110_cq809d
- envy_photo_7155_z3m52a
- envy_pro_6420_6wd16a
- envy_4524_f0v72b
- envy_5535
- 5034_z4a74a
- envy_7640
- envy_4521_k9t10b
- envy_4527_j6u61b
- envy_5542_k7c88a
- officejet_4652_k9v84b
- envy_5541_k7g89a
- envy_5530
- envy_4520_e6g67b
- 5030_m2u92b
- envy_5000_m2u85b
- deskjet_ink_advantage_4675_f1h97a
- envy_120_cz022a
- envy_5536
- envy_5548_k7g87a
- deskjet_ink_advantage_4536_f0v65a
- envy_4500_d3p93a
- envy_5546_k7c90a
- envy_photo_6200_k7g26b
- envy_4504_a9t88b
- envy_5642_b9s64a
- envy_5532
- envy_photo_6220_k7g21b
- envy_4520_f0v63b
- envy_4500_a9t89a
- envy_5000_m2u91a
- officejet_4655_k9v79a
- deskjet_ink_advantage_3548_a9t81b
- envy_photo_6200_y0k13d_
- officejet_4654_f1j07b
- deskjet_ink_advantage_4535_f0v64a
- envy_4501_c8d05a
- envy_photo_7830_y0g50b
- deskjet_ink_advantage_4515
- envy_6540_b9s59a
- envy_4516_k9h52a
- envy_photo_7100_z3m37a
- envy_photo_7120_z3m41d
- envy_4508_e6g72b
- envy_photo_6200_y0k15a
- envy_photo_6222_y0k13d
- deskjet_ink_advantage_4518
- deskjet_ink_advantage_5575_g0v48b
- envy_5665_f8b06a
- envy_5000_m2u85a
- deskjet_ink_advantage_4535_f0v64b
- envy_5534
- envy_5544_k7c89a
- envy_4500_a9t80a
- envy_100_cn518a
- envy_5640_b9s56a
- envy_5664_f8b08a
- envy_100_cn519a
- envy_100_cn519b
- envy_110_cq809a
- deskjet_ink_advantage_5575_g0v48c
- envy_5544_k7c93a
- envy_pro_6420_5se45b
- envy_100_cn517c
- envy_5539
- officejet_4658_v6d30b
- envy_photo_6220_k7g20d
- envy_4523_j6u60b
- envy_photo_7100_3xd89a
- envy_5540_f2e72a
- envy_5540_g0v53a
- envy_6020_7cz37a
- envy_6055_5se16a
- envy_4528_k9t08b
- envy_4522_f0v67a
- officejet_4652_f1j05b
- officejet_4650_e6g87a
- 5660_f8b04a
- envy_photo_6222_y0k14d
- envy_5547_j6u64a
- deskjet_ink_advantage_3545_a9t81c
- envy_photo_7100_z3m52a
- envy_110_cq809c
- envy_pro_6455_5se45a
- envy_4524_k9t01a
- envy_photo_7100_k7g93a
- envy_120_cz022c
- envy_7644_e4w46a
- envy_100_cn517a
- envy_114_cq812a
- officejet_4650_f1h96b
- envy_4505_a9t86a
- envy_4504_c8d04a
- envy_110_cq812c
- envy_4524_f0v71b
- envy_photo_6230_k7g25b
- envy_photo_7800_k7r96a
- deskjet_ink_advantage_3545_a9t83b
- envy_5000_m2u94b
- envy_5540_g0v52a
- officejet_4656_k9v81b
- envy_4511_k9h50a
- envy_4502_a9t87b
- envy_4513_k9h51a
- envy_photo_7822_y0g43d
- envy_5644_b9s65a
- deskjet_ink_advantage_4676_f1h98a
- envy_7645_e4w44a
- envy_5545_g0v50a
- envy_photo_6200_k7g18a
- officejet_4652_f1j02a
- envy_photo_6252_k7g22a
- deskjet_ink_advantage_3546_a9t82a
- envy_120_cz022b
- envy_4500_a9t80b
- envy_4502_a9t85a
- officejet_4650_f1h96a
- officejet_4655_k9v82b
- envy_5646_f8b05a
- deskjet_ink_advantage_3456_a9t84c
- envy_4509_d3p94a
- envy_4512_k9h49a
- 5020_z4a69a
epson
- ew-m970a3t
- m571t
- xp-4100
- xp-2105
- xp-4105
- ep-101
- xp-320
- xp-960
- xp-100
- xp-620
- xp-330
- xp-8500
- xp-440
- xp-241
- xp-2101
- xp-340
- xp-970
- xp-630
- xp-8600
- xp-702
huawei
- hg255s
- hg532e
netgear
- wnhde111
zte
- zxv10_w300
cisco
- wap131
- wap351
- wap150
debian
- debian_linux
canonical
- ubuntu_linux
tp-link
- archer_c50
dlink
- dvg-n5412sp
canon
- selphy_cp1200
w1.fi
- hostapd
broadcom
- adsl
zyxel
- vmg8324-b10a
- amg1202-t10b
microsoft
- windows_10
- xbox_one
ui
- unifi_controller
asus
- rt-n11
ruckussecurity
- zonedirector_1200
nec
- wr8165n
fedoraproject
- fedora
CWE
CWE-276
Incorrect Default Permissions