{"id":4507,"date":"2023-03-14T07:37:03","date_gmt":"2023-03-14T07:37:03","guid":{"rendered":"https:\/\/pdfarsivci.com\/?p=4507"},"modified":"2023-04-19T13:47:47","modified_gmt":"2023-04-19T13:47:47","slug":"callstranger-universal-plug-and-play-vulnerability","status":"publish","type":"post","link":"https:\/\/pdfarsivci.com\/callstranger-universal-plug-and-play-vulnerability.html","title":{"rendered":"CallStranger: Universal Plug and Play vulnerability in billions of devices"},"content":{"rendered":"

A security researcher has discovered a vulnerability that attackers could abuse to access UPnP (Universal Plug and Play) devices remotely and without authentication. The vulnerability, named "CallStranger" (CVE-2020-12695), lies directly in the UPnP protocol and, according to its discoverer Yunus Cad\u0131rc\u0131, affects billions of network-capable devices that respond to requests via UPnP. Several million of these devices are reachable via the internet.<\/p>\n

According to the dedicated CallStranger website, the researcher informed the Open Connectivity Foundation (OCF) at the end of December. On April 17, the OCF published an updated, secure protocol version. According to Cad\u0131rc\u0131, however, it is likely to take a while before most manufacturers have developed and deployed (firmware) updates based on the updated UPnP specification. There are also cheap (IoT) devices that fundamentally never receive security updates.<\/p>\n

Cad\u0131rc\u0131 has published an initial list of devices (or affected firmware) and operating systems whose manufacturers have already confirmed that they are vulnerable and\/or which he successfully attacked with his own proof-of-concept code. It includes various routers as well as network-capable printers, IP cameras, smart doorbells and TVs. Windows 10 (probably all versions, including Server) and the operating system of the Xbox One are also listed.<\/p>\n

DDoS attacks and information theft<\/h3>\n

CallStranger \/ CVE-2020-12695 lies in the SUBSCRIBE function of the UPnP standard, which essentially serves to query status changes of other (UPnP) devices or services. The "Callback" field in the header of a SUBSCRIBE request specifies the URL(s) to which the "event message" of the responding device is sent, and it is precisely this field that attackers can manipulate via "CallStranger".<\/p>\n

This can be used to send traffic to arbitrary targets in the course of a distributed denial-of-service (DDoS) attack, which is probably where the vulnerability gets its name. According to Cad\u0131rc\u0131, CallStranger also makes it possible, by way of devices reachable from the internet, to bypass security mechanisms in order to exfiltrate data from internal networks and to scan the devices there for open ports. The vulnerability thus poses a risk not only to the devices reachable over the internet (currently over five million, according to the IoT search engine Shodan) but also to vulnerable devices in the local network.<\/p>\n

The researcher has set out the various attack scenarios, by way of example, in a report. He has also published his proof-of-concept code on GitHub, in the form of a script that also tells the user whether and which UPnP devices in their own network are vulnerable.<\/p>\n