CVE-2021-47854

CVE-2021-47854 affects DD-WRT 45723 and describes a buffer overflow in the UPNP network discovery service. The vulnerability is triggered by receiving crafted M-SEARCH packets with oversized UUID payloads, which can lead to remote code execution on the targeted device. The CVSS metrics indicate a...

CVE-2023-31998

A heap overflow vulnerability found in EdgeRouters and Aircubes allows a malicious actor to interrupt UPnP service to said devices...

CVE-2020-10923

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000. A...

CVE-2020-10924

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.8410.0.58 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...

CVE-2025-61498

CVE-2025-61498 describes a buffer overflow in the UPnP service of Tenda AC8 Hardware v03.03.10.01, caused by a boundary error when processing untrusted input. The vulnerability can allow a remote attacker to cause Denial of Service (DoS) via a crafted packet; some sources also mention potential a...

EUVD-2020-18618

Malware in sbrugna...

EUVD-2021-21638

Malware in sbrugna...

EUVD-2018-8403

Malware in sbrugna...

EUVD-2025-9056

Malicious code in bioql PyPI...

EUVD-2024-54344

Malicious code in bioql PyPI...

EUVD-2023-36287

Malicious code in bioql PyPI...

EUVD-2022-50605

Malicious code in bioql PyPI...

EUVD-2025-6460

Malicious code in bioql PyPI...

EUVD-2023-45050

Malicious code in bioql PyPI...

TCL 65C655 Smart TV 安全漏洞

TCL 65C655 Smart TV is a Smart TV from TCL Corporation of China. A security vulnerability exists in TCL 65C655 Smart TV version V8-R75PT01-LF1V269.001116, which originates when the UPnP MediaRenderer service accepts unauthenticated SetAVTransportURI SOAP requests, which could lead to a server-sid...

PT-2025-27045

Name of the Vulnerable Software and Affected Versions: Linksys WRT1900ACS, EA7200, EA7450, and EA7500 versions up to 20250619 Description: A critical vulnerability exists in Linksys routers due to a stack-based buffer overflow. The issue is located in the SetDefaultConnectionService function with...

CVE-2022-47848

An issue was discovered in Bezeq Vtech NB403-IL version BZ2.02.07.09.13.01 and Vtech IAD604-IL versions BZ2.02.07.09.13.01, BZ2.02.07.09.13T, and BZ2.02.07.09.09T, allows remote attackers to gain sensitive information via rootDesc.xml page of the UPnP service...

CVE-2021-34991

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.10610.0.80 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by...

CVE-2020-18568

The D-Link DSR-250 3.14 DSR-1000N 2.11B201 UPnP service contains a command injection vulnerability, which can cause remote command execution...

CVE-2020-25988

UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2.1 P4410-V2–1.34H has an action 'XGetAccess' which leaks the credentials of 'admin', provided that the attacker is network adjacent...