All OSes: what about "CallStranger" vulnerability and openSUSE?

CallStranger
CVE-2020-12695
Data Exfiltration & Reflected Amplified TCP DDOS & Port Scan via UPnP SUBSCRIBE Callback
https://www.callstranger.com/

Universal Plug and Play (UPnP) SUBSCRIBE can be abused to send traffic to arbitrary destinations

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.

Ok, CVE-2020-12695 Common Vulnerabilities and Exposures | SUSE

Overall state of this security issue: Does not affect SUSE products

But what to do with another equipment?

Ask in another forum?

Hi
Yes, or better yet just turn it off…

My router…
https://forums.opensuse.org/attachment.php?attachmentid=894&stc=1

Screenshot from 2020-06-22 12-23-00.png

Yes, a sensible approach if not already disabled (and not required). :slight_smile: