CVE-2021-27137
CVE-2021-27137 affects DD-WRT’s UPnP service (ssdp.c) before change set 45724, where an unsafe strcpy copies user-supplied data into a fixed 128-byte buffer, enabling a remote unauthenticated attacker to overflow the buffer via M-SEARCH requests on UDP/1900. By default UPnP is off and bound to in...