Vulnerability identifier: #VU52464
Vulnerability risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-350
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
PUPnP
Universal components / Libraries /
Libraries used by multiple products
Vendor: pupnp
Description
The vulnerability allows a remote attacker to perform DNS-rebinding attacks.
The vulnerability exists due to libupnp does not check the value of the Host
header. A remote attacker can trick the victim's browser to trigger actions on the local UPnP services implemented using this library and perform data exfiltration or data tampering. Depending on the affected service, more advanced attack vectors can be used that lead to system compromise.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
PUPnP: 1.4.0 - 1.14.5
External links
http://github.com/pupnp/pupnp/security/advisories/GHSA-6hqq-w3jq-9fhg
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.