CVE-2021-31718
HIGH
npupnp < 4.1.4 - Remote Code Execution via DNS Rebinding
Title source: llm
Description
The server in npupnp before 4.1.4 is affected by DNS rebinding in the embedded web server (including UPnP SOAP and GENA endpoints), leading to remote code execution.
References (3)
Core References
Third Party Advisory x_refsource_misc
https://framagit.org/medoc92/npupnp
Third Party Advisory x_refsource_misc
https://www.lesbonscomptes.com/upmpdcli/npupnp-doc/libnpupnp.html
Mailing List, Third Party Advisory x_refsource_misc
http://www.openwall.com/lists/oss-security/2021/04/25/2
Scores
CVSS v3
8.8
EPSS
0.0096
EPSS Percentile
56.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-346
Status
published
Products (1)
npupnp_project/npupnp
< 4.1.4
Published
Apr 25, 2021
Tracked Since
Feb 18, 2026