DNS-rebinding attack in PUPnP
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-29462 |
| CWE-ID | CWE-350 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
PUPnP Universal components / Libraries / Libraries used by multiple products |
| Vendor | pupnp |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) DNS-rebinding
EUVDB-ID: #VU52464
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-29462
CWE-ID:
CWE-350 - Reliance on Reverse DNS Resolution for a Security-Critical Action
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform DNS-rebinding attacks.
The vulnerability exists due to libupnp does not check the value of the Host header. A remote attacker can trick the victim's browser to trigger actions on the local UPnP services implemented using this library and perform data exfiltration or data tampering. Depending on the affected service, more advanced attack vectors can be used that lead to system compromise.
Install updates from vendor's website.
Vulnerable software versionsPUPnP: 1.4.0 - 1.14.5
External linkshttp://github.com/pupnp/pupnp/security/advisories/GHSA-6hqq-w3jq-9fhg
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
