MiniUPnP DNS Rebind Vulnerability

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by a DNS rebind vulnerability.

Description :

The remote host is running a version of MiniUPnP that is affected by
an unspecified flaw that exists in the Domain Name System (DNS)
related to the 'rebinding' interaction. An unauthenticated, remote
attacker can exploit this, by convincing a user to visit a specially
crafted web page, to run a client-side script that interacts with the
systems on their network.

See also :

http://www.nessus.org/u?7516605f

Solution :

Upgrade to MiniUPnP version 1.9 or later. Alternatively, if the
remote target is an embedded device, disable UPnP.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:ND)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 93222 ()

Bugtraq ID: 71624

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now