PT-2019-12889 · Miniupnp+1 · Miniupnpd+1
Published
2019-10-17
·
Updated
2019-10-22
·
CVE-2019-12611
CVSS v2.0
4.9
Medium
| Vector | AV:L/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Bitdefender BOX firmware versions prior to 2.1.37.37-34
Description
An issue affects the general reliability of the product. Specially crafted packets sent to the miniupnpd implementation result in the device allocating memory without freeing it later. This behavior can cause the miniupnpd component to crash or trigger a device reboot.
Recommendations
For versions prior to 2.1.37.37-34, update to version 2.1.37.37-34 or later to resolve the issue. As a temporary workaround, consider restricting access to the miniupnpd component to minimize the risk of exploitation.
Fix
Allocation of Resources Without Limits
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bitdefender Box
Miniupnpd