CVE-2020-12695
HIGH7.5EPSS 4.0%wpa - security update
Published: 6/8/2020Modified: 12/3/2025
Also known as:ALPINE-CVE-2020-12695DEBIAN-CVE-2020-12695
Description
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
Affected packages (9)
- Alpine/hostapdfrom 0, < 2.8-r3
- Debian/gupnpfrom 0, < 1.0.1-1+deb9u1
- Debian/gupnpfrom 0, < 1.2.3-1
- Debian/minidlnafrom 0, < 1.2.1+dfsg-3
- Debian/minidlnafrom 0, < 1.1.6+dfsg-1+deb9u1
- Debian/minidlnafrom 0, < 1.2.1+dfsg-2+deb10u1
- Debian/pupnp-1.8from 0
- Debian/wpafrom 0, < 2:2.7+git20190128+0c1e29f-6+deb10u3
- Debian/wpafrom 0, < 2:2.9.0-16
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H |