CVE-2018-6608
NONE EPSS 87.2%
Published Mar 28, 20188y ago · Modified Jun 17, 20262w ago
Published Mar 28, 2018 8y ago
Last Modified Jun 17, 2026 2w ago
Description
In the WebRTC component in Opera 51.0.2830.55, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request.
Threat Intelligence
EPSS Exploit Probability
87.2% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| opera | opera_browser | 51.0.2830.55 | any |
References 5
- docs.google.com https://docs.google.com/spreadsheets/d/1Nm7mxfFvmdn-3Az-BtE5O0BIdbJiIAWUnkoAF_v_0ug/edit?usp=sharing
- github.com https://github.com/VoidSec/WebRTC-Leak
- news.ycombinator.com https://news.ycombinator.com/item?id=16699270
- voidsec.com https://voidsec.com/vpn-leak/
- bleepingcomputer.com https://www.bleepingcomputer.com/news/security/many-vpn-providers-leak-customers-ip-address-via-webrtc-bug/
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.