CVE-2021-31718

2021-04-2518:35:34

mitre

www.cve.org

npupnp

dns rebinding

remote code execution

web server

upnp soap

gena endpoints

AI Score

9.2

Confidence

High

EPSS

0.018

Percentile

88.2%

JSON

The server in npupnp before 4.1.4 is affected by DNS rebinding in the embedded web server (including UPnP SOAP and GENA endpoints), leading to remote code execution.

References

www.openwall.com/lists/oss-security/2021/04/25/2

framagit.org/medoc92/npupnp

www.lesbonscomptes.com/upmpdcli/npupnp-doc/libnpupnp.html