Vulnerability CVE-2021-29462


Published: 2021-04-20   Modified: 2021-04-21

Description:
The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of the `Host` header. This can be mitigated by using DNS resolvers which block DNS-rebinding attacks. The vulnerability is fixed in version 1.14.6 and later.

Type: CWE-20 (Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software
Pupnp project -> Pupnp 

 References:
https://github.com/pupnp/pupnp/security/advisories/GHSA-6hqq-w3jq-9fhg
http://www.openwall.com/lists/oss-security/2021/04/20/4

Copyright 2024, cxsecurity.com

 
