cve/2012/CVE-2012-5960.md

CVE-2012-5960

Description

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN (aka upnp:rootdevice) field in a UDP packet.

POC

Reference

• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp
• https://www.tenable.com/security/research/tra-2017-10

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/CVEDB/PoC-List
• https://github.com/CVEDB/awesome-cve-repo
• https://github.com/finn79426/CVE-2012-5960-PoC