MiniUPnP DNS Rebind Vulnerability
Medium Nessus Plugin ID 93222
SynopsisThe remote host is affected by a DNS rebind vulnerability.
DescriptionThe remote host is running a version of MiniUPnP that is affected by an unspecified flaw that exists in the Domain Name System (DNS) related to the 'rebinding' interaction. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted web page, to run a client-side script that interacts with the systems on their network.
SolutionUpgrade to MiniUPnP version 1.9 or later. Alternatively, if the remote target is an embedded device, disable UPnP.