Mend Vulnerability Database
What is a CVE vulnerability ID? What is a WS vulnerability ID?New vulnerability? Tell us about it!
We found results for “”
Good to know:
Date: May 24, 2021
An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc.
Related Resources (5)
Upgrade to version gupnp-1.0.7, gupnp-1.2.5
|Attack Vector (AV):||NETWORK|
|Attack Complexity (AC):||LOW|
|Privileges Required (PR):||NONE|
|User Interaction (UI):||REQUIRED|
|Access Vector (AV):||NETWORK|
|Access Complexity (AC):||MEDIUM|