339 matches found
CVE-2026-58547
Heap-based buffer overflow in Universal Plug and Play upnp.dll allows an authorized attacker to elevate privileges locally...
CVE-2026-49180
Improper link resolution before file access 'link following' in Universal Plug and Play upnp.dll allows an authorized attacker to disclose information locally...
CVE-2026-58547
The CVE-2026-58547 entry details a heap-based buffer overflow in Windows UPnP Device Host (upnp.dll) that can enable local privilege escalation for an authorized user. Affected component: Universal Plug and Play in Windows. Root cause: heap-based overflow in upnp.dll. Impact: local privilege elev...
CVE-2026-50455
CVE-2026-50455 describes an information disclosure in Universal Plug and Play (upnp.dll) caused by the use of an uninitialized resource. The vulnerability allows an authorized local attacker to disclose information. The reported impact shows confidentiality impact (C) as High, with local access a...
CVE-2026-45599
Use after free in Universal Plug and Play upnp.dll allows an unauthorized attacker to execute code over a network...
CVE-2026-45635
Access of resource using incompatible type 'type confusion' in Universal Plug and Play upnp.dll allows an unauthorized attacker to execute code over a network...
EUVD-2026-35563
Use after free in Universal Plug and Play upnp.dll allows an unauthorized attacker to execute code over a network...
CVE-2026-45635 Windows UPnP Device Host Remote Code Execution Vulnerability
...
CVE-2026-45635
CVE-2026-45635 affects Windows UPnP Device Host through a use-after-free in upnp.dll, enabling remote code execution over the network. The issue is tied to the Universal Plug and Play component, with impact described as remote, unauthenticated code execution; CVSSv3.1 base score 8.1 (HIGH). Affec...
CVE-2026-45635
Access of resource using incompatible type 'type confusion' in Universal Plug and Play upnp.dll allows an unauthorized attacker to execute code over a network...
EUVD-2026-35556
Use after free in Universal Plug and Play upnp.dll allows an unauthorized attacker to execute code over a network...
CVE-2026-45599
The CVE-2026-45599 entry describes a use-after-free in Windows’ Universal Plug and Play component (upnp.dll) that enables a remote attacker to execute code over the network via the UPnP Device Host. The vulnerability is rated CVSSv3.1: 8.1 (HIGH) with Network attack vector, no privileges required...
Windows UPnP Device Host Remote Code Execution Vulnerability
Use after free in Universal Plug and Play upnp.dll allows an unauthorized attacker to execute code over a network...
PT-2026-47999
Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description A use after free issue in the Universal Plug and Play component upnp.dll allows an unauthorized attacker to execute code over a network. Use after free is a memory corruption flaw that occurs...
PT-2026-47988
Name of the Vulnerable Software and Affected Versions Universal Plug and Play affected versions not specified Description A use after free issue in the Universal Plug and Play component upnp.dll allows an unauthorized remote attacker to execute arbitrary code and affect the system over a network...
CVE-2026-36611
Mercusys AC12G EU V1 with firmware AC12GEUV1200909 returns 128 bytes of uninitialized buffer when receiving POST requests without SOAPAction header on UPnP port 1900, exposing internal memory to unauthenticated adjacent network attackers...
CVE-2026-36608
Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 allows UPnP AddPortMapping to forward external ports to the router's own admin interface by accepting its own IP 192.168.1.1 or localhost 127.0.0.1 as InternalClient. An unauthenticated LAN attacker can expose the admin panel to the intern...
CVE-2026-36608
Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 allows UPnP AddPortMapping to forward external ports to the router's own admin interface by accepting its own IP 192.168.1.1 or localhost 127.0.0.1 as InternalClient. An unauthenticated LAN attacker can expose the admin panel to the intern...
CVE-2026-36603
Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 exposes 15 of 18 UPnP IGD actions without authentication on port 1900, including AddPortMapping and GetExternalIPAddress. UPnP is enabled by default through the admin interface, allowing any unauthenticated LAN device to create arbitrary...
CVE-2026-36602
CVE-2026-36602 affects the Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909. The issue arises in UPnP GetStatusInfo handling, which discloses kernel memory layout. An unauthenticated attacker on an adjacent network can obtain a raw MIPS KSEG0 kernel pointer, exposing kernel memory ...