The remote FreeBSD host is missing a security-related update.
Matthew Garett reports : Reported this to upstream 8 months ago without response, so: libupnp's default behaviour allows anyone to write to your filesystem. Seriously. Find a device running a libupnp based server (Shodan says there's rather a lot), and POST a file to /testfile. Then GET /testfile ... and yeah if the server is running as root (it is) and is using / as the web root (probably not, but maybe) this gives full host fs access. Scott Tenaglia reports : There is a heap buffer overflow vulnerability in the create_url_list function in upnp/src/gena/gena_device.c.