9102 matches found
CVE-2026-45635 Windows UPnP Device Host Remote Code Execution Vulnerability
...
EUVD-2026-35563
Use after free in Universal Plug and Play upnp.dll allows an unauthorized attacker to execute code over a network...
EUVD-2026-35556
Use after free in Universal Plug and Play upnp.dll allows an unauthorized attacker to execute code over a network...
CVE-2026-45599 Windows UPnP Device Host Remote Code Execution Vulnerability
...
CVE-2026-45599
The CVE-2026-45599 entry describes a use-after-free in Windows’ Universal Plug and Play component (upnp.dll) that enables a remote attacker to execute code over the network via the UPnP Device Host. The vulnerability is rated CVSSv3.1: 8.1 (HIGH) with Network attack vector, no privileges required...
Windows UPnP Device Host Remote Code Execution Vulnerability
Use after free in Universal Plug and Play upnp.dll allows an unauthorized attacker to execute code over a network...
PT-2026-47988
Name of the Vulnerable Software and Affected Versions Universal Plug and Play affected versions not specified Description A use after free issue in the Universal Plug and Play component upnp.dll allows an unauthorized remote attacker to execute arbitrary code and affect the system over a network...
CVE-2026-36611
Mercusys AC12G EU V1 with firmware AC12GEUV1200909 returns 128 bytes of uninitialized buffer when receiving POST requests without SOAPAction header on UPnP port 1900, exposing internal memory to unauthenticated adjacent network attackers...
CVE-2026-36608
Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 allows UPnP AddPortMapping to forward external ports to the router's own admin interface by accepting its own IP 192.168.1.1 or localhost 127.0.0.1 as InternalClient. An unauthenticated LAN attacker can expose the admin panel to the intern...
CVE-2026-22566
An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to obtain UniFi Play WiFi credentials. Affected Products: UniFi Play PowerAmp Version 1.0.35 and earlier UniFi Play Audio Port Version 1.0.24 and earlier Mitigation: Update UniFi Play...
CVE-2026-22564
An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to the system. Affected Products: UniFi Play PowerAmp Version 1.0.35 and earlier UniFi Play Audio Port Version 1.0.24 and earlier Mitigation:...
CVE-2026-22562
A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on the system that could be used for a remote code execution RCE. Affected Products: UniFi Play PowerAmp Version 1.0.35 and earlier UniFi Play Audio Por...
CVE-2026-22563
A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network. Affected Products: UniFi Play PowerAmp Version 1.0.35 and earlier UniFi Play Audio Port Version 1.0.24 and earlier Mitigation: Update UniFi Play PowerA...
CVE-2026-36608
Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 allows UPnP AddPortMapping to forward external ports to the router's own admin interface by accepting its own IP 192.168.1.1 or localhost 127.0.0.1 as InternalClient. An unauthenticated LAN attacker can expose the admin panel to the intern...
CVE-2026-36603
Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 exposes 15 of 18 UPnP IGD actions without authentication on port 1900, including AddPortMapping and GetExternalIPAddress. UPnP is enabled by default through the admin interface, allowing any unauthenticated LAN device to create arbitrary...
CVE-2026-36602
CVE-2026-36602 affects the Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909. The issue arises in UPnP GetStatusInfo handling, which discloses kernel memory layout. An unauthenticated attacker on an adjacent network can obtain a raw MIPS KSEG0 kernel pointer, exposing kernel memory ...
VulnCheck KEV: CVE-2021-27137
DD-WRT router firmware before changeset 45723 contains a stack buffer overflow vulnerability in the UPnP service that allows remote attackers to execute arbitrary code by sending specially crafted M-SEARCH requests with oversized ST:uuid values via UDP port 1900. Attackers can exploit this...
PT-2026-45990
Name of the Vulnerable Software and Affected Versions Mercusys AC12G EU V1 version AC12GEU V1 200909 Description The UPnP GetStatusInfo action discloses kernel memory layout. An unauthenticated attacker on the adjacent network can obtain a raw MIPS KSEG0 kernel pointer, which reveals the kernel...
Mercusys AC12G 安全漏洞
The Mercusys AC12G is a Gigabit wireless router produced by the Chinese company Mercusys. There are security vulnerabilities in the Mercusys AC12G EU V1 and Mercusys AC12G EU V1 version released in September 2009. These vulnerabilities stem from the UPnP port 1900, where POST requests are receive...
PT-2026-45996
Mercusys AC12G EU V1 router with firmware AC12GEU V1 200909 allows UPnP AddPortMapping to forward external ports to the router's own admin interface by accepting its own IP 192.168.1.1 or localhost 127.0.0.1 as InternalClient. An unauthenticated LAN attacker can expose the admin panel to the...