vulnerability
Red Hat: CVE-2021-33516: CVE-2021-33516 gupnp: allows DNS rebinding which could result in tricking browser into triggering actions against local UPnP services (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:P/A:N) | May 24, 2021 | Jun 10, 2021 | Jul 28, 2025 |
Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
May 24, 2021
Added
Jun 10, 2021
Modified
Jul 28, 2025
Description
An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc.
Solutions
redhat-upgrade-gupnpredhat-upgrade-gupnp-debuginforedhat-upgrade-gupnp-debugsourceredhat-upgrade-gupnp-develredhat-upgrade-gupnp-docs
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.