What is CVE-2018-6849?

CVE-2018-6849 is a vulnerability in N/a. Published 2018-04-01.

Is CVE-2018-6849 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-6849

In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request.

EPSS: 0.753 (98.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

github.com/rapid7/metasploit-framework/pull/9538 (x_refsource_MISC)
voidsec.com/vpn-leak/ (x_refsource_MISC)
44403 (exploit, x_refsource_EXPLOIT-DB)
news.ycombinator.com/item (x_refsource_MISC)
datarift.blogspot.com/p/private-ip-leakage-using-webrtc.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-6849?: CVE-2018-6849 is a vulnerability in N/a. Published 2018-04-01.
Is CVE-2018-6849 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.