Main Vulnerability Database Vulnerabilities #VU54033

#VU54033 Reliance on Reverse DNS Resolution for a Security-Critical Action in gupnp - CVE-2021-33516

Published: June 10, 2021

Vulnerability identifier: #VU54033

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-33516

CWE-ID: CWE-350

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
gupnp

Software vendor:
Gnome Development Team

Description

The vulnerability allows a remote attacker to perform DNS rebinding attacks.

The vulnerability exists due to a logic issue in GUPnP. A remote attacker can trick a victim's browser into triggering actions against local UPnP services implemented using this library and gain access to sensitive information (e.g. data exfiltration) or tamper with data.

Remediation

Install updates from vendor's website.

External links

https://gitlab.gnome.org/GNOME/gupnp/-/issues/24
https://discourse.gnome.org/t/security-relevant-releases-for-gupnp-issue-cve-2021-33516/6536

#VU54033 Reliance on Reverse DNS Resolution for a Security-Critical Action in gupnp - CVE-2021-33516

Description

Remediation

External links

Please verify you're human