CVE-2021-29462

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Portable SDK for UPnP Devices versions prior to 1.14.6

Description: The server part of pupnp (libupnp) is susceptible to DNS rebinding attacks due to its failure to check the value of the Host header. This issue can be mitigated by utilizing DNS resolvers that block DNS-rebinding attacks.

Recommendations: For versions prior to 1.14.6, update to version 1.14.6 or later to resolve the issue. As a temporary workaround, consider using DNS resolvers that block DNS-rebinding attacks to minimize the risk of exploitation.

Fix

Insufficient Verification of Data Authenticity

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-345CWE-20

Related Identifiers

ALT-PU-2022-7682

CVE-2021-29462

GHSA-6HQQ-W3JQ-9FHG

MGASA-2021-0319

OPENSUSE-SU-2024:11006-1

Affected Products

Alt Linux

Debian

Portable Sdk For Upnp Devices

CVE-2021-29462

Weakness Enumeration

Related Identifiers

Affected Products

References · 14