SB2022030711 - DNS rebinding in ReadyMedia (formerly MiniDLNA)




Published: March 7, 2022

Security Bulletin ID: SB2022030711
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Information disclosure

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) DNS rebinding (CVE-ID: CVE-2022-26505)

The vulnerability allows a remote attacker to perform DNS rebinding attacks.

The vulnerability exists because the application is prone to DNS rebinding attacks. A remote attacker can trick the victim's browser into triggering arbitrary UPnP requests on the local DLNA server and obtain the results of such actions, including the ability to read shared files.


Remediation

Install the update from the vendor's website.
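
A common server-side defence against the DNS rebinding described above is to validate the HTTP Host header, because a rebound request still names the attacker's domain there. The following C function is an added example, not code from ReadyMedia or its update; the name host_is_ip_literal and the IP-literal-only policy are assumptions for illustration.

```c
#include <arpa/inet.h>
#include <stdlib.h>
#include <string.h>

/* Return 1 if s is a decimal TCP port (1-65535), else 0. */
static int valid_port(const char *s)
{
    char *end;
    long port;
    if (*s < '0' || *s > '9')
        return 0;
    port = strtol(s, &end, 10);
    return *end == '\0' && port >= 1 && port <= 65535;
}

/*
 * Added example (hypothetical helper, not ReadyMedia code). Return 1 if a Host
 * header value is an IP literal with optional port (constructed samples:
 * "192.168.1.10:8200", "[::1]:8200"), else 0. A rebound request still carries
 * the attacker-controlled DNS name in Host, so it is rejected.
 */
int host_is_ip_literal(const char *host)
{
    char buf[64];
    unsigned char addr[16];                  /* large enough for an IPv6 address */
    char *sep;
    size_t len = host ? strlen(host) : 0;

    if (len == 0 || len >= sizeof(buf))
        return 0;
    memcpy(buf, host, len + 1);

    if (buf[0] == '[') {                     /* bracketed IPv6 literal */
        sep = strchr(buf, ']');
        if (sep == NULL)
            return 0;
        *sep++ = '\0';
        if (*sep != '\0' && (*sep != ':' || !valid_port(sep + 1)))
            return 0;
        return inet_pton(AF_INET6, buf + 1, addr) == 1;
    }
    sep = strchr(buf, ':');                  /* IPv4 literal, optional port */
    if (sep != NULL) {
        *sep++ = '\0';
        if (!valid_port(sep))
            return 0;
    }
    return inet_pton(AF_INET, buf, addr) == 1;
}
```

Rejecting every name-based Host value also blocks clients that reach the server by hostname; an allowlist of the server's own names is the usual relaxation.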