Vulnerability DatabaseWS-2020-0410
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
WS-2020-0410
August 05, 2020
In OpenHome’s ohNet UPnP stack, versions jenkins-ohNet-Nightly-Publish-360 through ohNet_1.30.3936 are vulnerable to the CallStranger vulnerability. An attacker can send a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, by which he can trigger data exfiltration or cause a Denial of Service.
Related Resources (2)
https://github.com/yunuscadirci/CallStranger/blob/master/CallStranger%20-%20Technical%20Report.pdf
https://github.com/openhome/ohNet/commit/6f0af65b19f226af0cdd1ffc67c829554c64c5fc
Do you need more information?
Contact Us
CVSS v4
Base Score:
9
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
LOW
Subsequent System Integrity
NONE
Subsequent System Availability
HIGH
CVSS v3
Base Score:
7.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
LOW
Integrity
NONE
Availability
HIGH