DNS rebinding on ReadyMedia/minidlna v1.3.0 and below

Published: Mar 15 2022

A DNS rebinding vulnerability I found in ReadyMedia (formerly MiniDLNA) v1.3.0 and below. This is CVE-2022-26505.

DNS rebinding vulnerability in GUPnP

Published: Jun 24 2021

GUPnP, a GNOME library for Universal Plug and Play (UPnP), was vulnerable to DNS rebinding attacks. This is CVE-2021-33516 and GUPnP issue #24. This was fixed in GUPnP 1.0.7 and GUPnP 1.2.5.

DNS rebinding vulnerability in pupnp and npupnp

Published: Jun 12 2021

I found that pupnp was vulnerable to DNS rebinding attacks. npupnp, a fork a pupnp, was impacted as well. This is demonstrated using Gerbera a UPnP MediaServer.

Introduction to UPnP

Published: Mar 22 2021

This post gives simple explanations of how UPnP (Universal Plug-and-Play) works, especially with the goal of testing the security devices such as routers, smart TVs, etc.

DNS rebinding vulnerability in Samsung SmartTV UPnP

Published: Mar 22 2021

I found a DNS rebinding vulnerability on the Universal Plug-and-Play (UPnP) interface of the Samsung TV UE40F6320 (v1.0), from 2011. This could be used, for example, to change the channel, to know which channel is currently used or open the builtin browser to any URI.

DNS rebinding vulnerabilities in Freebox

Published: Sep 23 2020

I found some DNS rebinding vulnerabilities in Freebox devices (CVE-2020-24374, CVE-2020-24375, CVE-2020-24376, CVE-2020-24377) as well as a Cross Site Request Forgery (CSRF) vulnerability (CVE-2020-24373). These vulnerabilities were fixed in 2020-08-05.

Page 1 of 1 | Previous page | Next page | JSON Feed | Atom Feed