CVE-2016-6255
MiCasaVerde VeraLite - Remote Code Execution
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler.
Multiple vulnerabilities have been found in libupnp, the worst of which could lead to the execution of arbitrary code. Versions less than 1.6.21 are affected.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-07-20 CVE Reserved
- 2016-10-21 CVE Published
- 2016-10-21 First Exploit
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-284: Improper Access Control
CAPEC
References (11)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/92050 | Third Party Advisory | |
https://sourceforge.net/p/pupnp/code/ci/master/tree/ChangeLog | Release Notes | |
https://twitter.com/mjg59/status/755062278513319936 | Third Party Advisory | |
https://www.tenable.com/security/research/tra-2017-10 | X_refsource_misc |
URL | Date | SRC |
---|---|---|
https://packetstorm.news/files/id/139298 | 2016-10-21 | |
https://www.exploit-db.com/exploits/40589 | 2024-08-06 |
URL | Date | SRC |
---|---|---|
http://www.debian.org/security/2016/dsa-3736 | 2017-11-03 | |
https://security.gentoo.org/glsa/201701-52 | 2017-11-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Debian | Debian Linux | 8.0 | - | Affected |
Libupnp Project | Libupnp | <= 1.6.20 | - | Affected |