{"id":"CVE-2020-12695","details":"The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.","modified":"2026-03-15T22:32:30.669448Z","published":"2020-06-08T17:15:09.973Z","related":["ALSA-2021:1789","MGASA-2020-0304","MGASA-2020-0483","openSUSE-SU-2020:2160-1","openSUSE-SU-2020:2194-1","openSUSE-SU-2020:2204-1","openSUSE-SU-2020:2226-1","openSUSE-SU-2021:0519-1","openSUSE-SU-2021:0545-1","openSUSE-SU-2024:10837-1","openSUSE-SU-2024:10846-1","openSUSE-SU-2024:11050-1"],"references":[{"type":"WEB","url":"https://www.callstranger.com"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3SHL4LOFGHJ3DIXSUIQELGVBDJ7V7LB/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZDWHKGN3LMGSUEOAAVAMOD3IUIPJVOJ/"},{"type":"ADVISORY","url":"https://www.kb.cert.org/vuls/id/339275"},{"type":"ADVISORY","url":"https://www.tenable.com/blog/cve-2020-12695-callstranger-vulnerability-in-universal-plug-and-play-upnp-puts-billions-of"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00017.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4494-1/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2020/dsa-4806"},{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-4898"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQEYVY4D7LASH6AI4WK3IK2QBFHHF3Q2/"},{"type":"ADVISORY","url":"http://packetstormsecurity.com/files/158051/CallStranger-UPnP-Vulnerability-Checker.html"},{"type":"ADVISORY","url":"https://corelight.blog/2020/06/10/detecting-the-new-callstranger-upnp-vulnerability-with-zeek/"},{"type":"ADVISORY","url":"https://github.com/corelight/callstranger-detector"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00011.html"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2020/06/08/2"},{"type":"ADVISORY","url":"https://github.com/yunuscadirci/CallStranger"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-12695.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"2.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0.19041.2494"}]},{"events":[{"introduced":"0"},{"last_affected":"31"}]},{"events":[{"introduced":"0"},{"last_affected":"32"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"20.04"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H"}]}