UPnP SSDP M-SEARCH Information Discovery
Discover information from UPnP-enabled systems
Module Name
auxiliary/scanner/upnp/ssdp_msearch
Authors
- todb <todb [at] metasploit.com>
- hdm <x [at] hdm.io>
References
Reliability
Development
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use auxiliary/scanner/upnp/ssdp_msearch
msf auxiliary(ssdp_msearch) > show actions
...actions...
msf auxiliary(ssdp_msearch) > set ACTION <action-name>
msf auxiliary(ssdp_msearch) > show options
...show and set options...
msf auxiliary(ssdp_msearch) > run
Related Vulnerabilities
- DSA-2614-1 libupnp -- several vulnerabilities
- DSA-2615-1 libupnp4 -- several vulnerabilities
- FreeBSD: upnp -- multiple vulnerabilities (Multiple CVEs)
- Gentoo Linux: CVE-2012-5958: libupnp: Arbitrary code execution
- Gentoo Linux: CVE-2012-5959: libupnp: Arbitrary code execution
- libupnp unique_service_name SSDP pointer subtraction stack overflow (CVE-2012-5958)
- libupnp unique_service_name SSDP long UDN field stack overflow (CVE-2012-5959)
- MiniUPnPd ProcessSSDPRequest() Out of Bounds Memory Access Denial of Service (cve-2013-0229)
- Stack-based buffer overflow in HTTP service in MiniUPnP (CVE-2013-0230)
- SUSE Linux Security Vulnerability: CVE-2012-5958
- SUSE Linux Security Vulnerability: CVE-2012-5959