vulnerability
FreeBSD: VID-244c8288-cc4a-11e6-a475-bcaec524bf84 (CVE-2016-6255): upnp -- multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:P/A:N) | Dec 27, 2016 | Dec 10, 2025 | Dec 10, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
Dec 27, 2016
Added
Dec 10, 2025
Modified
Dec 10, 2025
Description
Matthew Garett reports: Reported this to upstream 8 months ago without response, so: libupnp's default behaviour allows anyone to write to your filesystem. Seriously. Find a device running a libupnp based server (Shodan says there's rather a lot), and POST a file to /testfile. Then GET /testfile ... and yeah if the server is running as root (it is) and is using / as the web root (probably not, but maybe) this gives full host fs access. Scott Tenaglia reports: There is a heap buffer overflow vulnerability in the create_url_list function in upnp/src/gena/gena_device.c.
Solution
freebsd-upgrade-package-upnp
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.