Login Sign Up

CVE-2013-2600

7.5 HIGH

📋 TL;DR

MiniUPnPd contains an information disclosure vulnerability due to improper use of snprintf() that can leak sensitive memory contents. This affects systems running vulnerable versions of MiniUPnPd, typically embedded devices and routers using UPnP for network discovery. Attackers can exploit this to read arbitrary memory from the UPnP daemon process.

💻 Affected Systems

Products:
  • MiniUPnPd
Versions: Versions prior to 1.4
Operating Systems: Linux, BSD, Embedded systems
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with UPnP enabled, particularly routers, IoT devices, and network appliances using MiniUPnPd.

📦 What is this software?

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Miniupnpd by Miniupnp Project

View all CVEs affecting Miniupnpd →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full memory disclosure leading to credential theft, private key exposure, or other sensitive data leakage that could enable further attacks.

🟠

Likely Case

Partial memory disclosure revealing process memory, potentially exposing configuration data, network information, or session tokens.

🟢

If Mitigated

Limited impact with proper network segmentation and UPnP disabled on perimeter devices.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the UPnP service (port 1900/udp typically).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: MiniUPnPd 1.4 and later

Vendor Advisory: http://miniupnp.free.fr/

Restart Required: Yes

Instructions:

1. Download MiniUPnPd 1.4 or later from official site. 2. Stop the MiniUPnPd service. 3. Install the updated version. 4. Restart the service.

🔧 Temporary Workarounds

Disable UPnP

linux

Completely disable the MiniUPnPd service if not required.

systemctl stop miniupnpd
systemctl disable miniupnpd

Network Segmentation

linux

Restrict access to UPnP service using firewall rules.

iptables -A INPUT -p udp --dport 1900 -j DROP

🧯 If You Can't Patch

  • Implement strict network ACLs to block external access to port 1900/udp
  • Monitor for unusual UPnP traffic patterns and memory access attempts

🔍 How to Verify

Check if Vulnerable:

Check MiniUPnPd version: miniupnpd -v or check package version via package manager.

Check Version:

miniupnpd -v 2>/dev/null || dpkg -l | grep miniupnpd || rpm -qa | grep miniupnp

Verify Fix Applied:

Confirm version is 1.4 or later and test UPnP functionality remains working.

📡 Detection & Monitoring

Log Indicators:

  • Unusual memory access patterns in system logs
  • Multiple failed UPnP requests from single source

Network Indicators:

  • Abnormal UDP traffic to port 1900
  • UPnP M-SEARCH requests with malformed headers

SIEM Query:

source_port=1900 AND protocol=udp AND (payload_contains="M-SEARCH" OR payload_size>typical)

📊 Metadata

CVE ID: CVE-2013-2600
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-200
Published: November 1, 2019
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2013-2600, you might also want to check these:

CVE-2025-61481 10.0

MikroTik RouterOS and SwOS expose their WebFig management interface over unencrypted HTTP by default...

Same vulnerability type (CWE-200)
CVE-2025-53624 10.0

The Docusaurus gists plugin versions before 4.0.0 expose GitHub Personal Access Tokens in client-sid...

Same vulnerability type (CWE-200)
CVE-2023-49103 10.0

This vulnerability in ownCloud's graphapi app exposes PHP configuration details (phpinfo) via a thir...

Same vulnerability type (CWE-200)