VDB
DEBIAN-CVE-2021-33516
DEBIAN-CVE-2021-33516
PUBLISHED
CVSS 8.100000381469727 HIGH
An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick a victim's browser into triggering actions against local UPnP services implemented using this library. Depending on the affected service, this could be used for data exfiltration, data tempering, etc.
Risk Scores
CVSS v3.1
8.100000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | gupnp | 0, 0, 0 |
| Debian:13 | gupnp | 0, 0, 0 |
| Debian:11 | gupnp | 0, 1.2.4-1, 1.2.7-1 |
| Debian:12 | gupnp | 0, 0, 0 |
Timeline
- May 24, 2021 CVE Published
- Apr 28, 2026 CVE Updated