MiniUPnP DNS Rebind Vulnerability

Medium Nessus Plugin ID 93222


The remote host is affected by a DNS rebind vulnerability.


The remote host is running a version of MiniUPnP that is affected by an unspecified flaw that exists in the Domain Name System (DNS) related to the 'rebinding' interaction. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted web page, to run a client-side script that interacts with the systems on their network.


Upgrade to MiniUPnP version 1.9 or later. Alternatively, if the remote target is an embedded device, disable UPnP.

See Also

Plugin Details

Severity: Medium

ID: 93222

File Name: miniupnpd_dns_rebind.nasl

Version: $Revision: 1.3 $

Type: remote

Family: Misc.

Published: 2016/08/30

Modified: 2016/11/28

Dependencies: 35709

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:ND


Base Score: 4.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Vulnerability Information

CPE: cpe:/a:miniupnp_project:miniupnpd

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/12/09

Vulnerability Publication Date: 2014/12/09

Reference Information

BID: 71624

OSVDB: 115649