Main Vulnerability Database SB2021070522

SB2021070522 - Anolis OS update for gupnp (Anolis OS 8.2)

Published: July 5, 2021 Updated: March 28, 2025

Security Bulletin ID SB2021070522

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Reliance on Reverse DNS Resolution for a Security-Critical Action (CVE-ID: CVE-2021-33516)

The vulnerability allows a remote attacker to perform DNS rebinding attacks.

The vulnerability exists due to a logic issue in GUPnP. A remote attacker can trick a victim's browser into triggering actions against local UPnP services implemented using this library and gain access to sensitive information (e.g. data exfiltration) or tamper with data.

Remediation

Install update from vendor's website.

References

https://anas.openanolis.cn/errata/detail/ANSA-2021:0123