PT-2021-20173 · Gupnp+10 · Gupnp+10

Jens Georg

Published

2021-04-06

Updated

2024-06-15

CVE-2021-33516

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions GUPnP versions prior to 1.0.7 GUPnP versions 1.1.x GUPnP versions 1.2.x through 1.2.4

Description The issue allows DNS rebinding, which can be exploited by a remote web server to trick a victim's browser into triggering actions against local UPnP services. This could potentially be used for data exfiltration or data tampering, depending on the affected service.

Recommendations For GUPnP versions prior to 1.0.7, update to version 1.0.7 or later. For GUPnP versions 1.1.x, update to version 1.2.5 or later. For GUPnP versions 1.2.x through 1.2.4, update to version 1.2.5 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-350

Related Identifiers

ALSA-2021:2363

ALT-PU-2021-1857

BDU:2025-04139

CESA-2021_2363

CVE-2021-33516

MGASA-2021-0321

OESA-2021-1272

OPENSUSE-SU-2021:0917-1

OPENSUSE-SU-2021:2153-1

OPENSUSE-SU-2021_0917-1

OPENSUSE-SU-2021_2153-1

OPENSUSE-SU-2024:10837-1

RHSA-2021:2363

RHSA-2021:2417

RHSA-2021:2422

RHSA-2021:2459

RHSA-2021_2363

RHSA-2021_2417

RLSA-2021:2363

SUSE-SU-2021:2080-1

SUSE-SU-2021:2153-1

SUSE-SU-2021_2080-1

SUSE-SU-2021_2153-1

USN-4970-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Debian

Gupnp

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2021-20173 · Gupnp+10 · Gupnp+10

CVE-2021-33516

Weakness Enumeration

Related Identifiers

Affected Products

References · 42