CVE-2021-33516 – This CVE describes a DNS rebinding vulnerabilit... (How to Fix)

Q: What is the severity of CVE-2021-33516?

CVE-2021-33516 has a CVSS score of 8.1 (HIGH). This CVE describes a DNS rebinding vulnerability in GUPnP libraries that allows remote attackers to bypass same-origin policy protections. Attackers can trick victims' browsers into making requests to local UPnP services, potentially leading to unauthorized actions. Systems using vulnerable GUPnP versions for UPnP service implementations are affected.

📋 TL;DR

This CVE describes a DNS rebinding vulnerability in GUPnP libraries that allows remote attackers to bypass same-origin policy protections. Attackers can trick victims' browsers into making requests to local UPnP services, potentially leading to unauthorized actions. Systems using vulnerable GUPnP versions for UPnP service implementations are affected.

💻 Affected Systems

Products:

GUPnP library
Applications using GUPnP for UPnP services

Versions: GUPnP versions before 1.0.7, 1.1.x before 1.2.5, and 1.2.x before 1.2.5

Operating Systems: Linux, Unix-like systems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects any application using vulnerable GUPnP versions to implement UPnP services.

📦 What is this software?

Gupnp by Gnome

View all CVEs affecting Gupnp →

Gupnp by Gnome

View all CVEs affecting Gupnp →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of local UPnP services allowing data exfiltration, service manipulation, or execution of unauthorized commands on affected devices.

🟠

Likely Case

Unauthorized access to UPnP services leading to data exposure or service disruption.

🟢

If Mitigated

Limited impact with proper network segmentation and browser security controls.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Requires DNS rebinding attack against victim's browser and vulnerable local UPnP service.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: GUPnP 1.0.7, 1.2.5, or later

Vendor Advisory: https://discourse.gnome.org/t/security-relevant-releases-for-gupnp-issue-cve-2021-33516/6536

Restart Required: Yes

Instructions:

1. Update GUPnP to version 1.0.7 or 1.2.5 or later. 2. Restart affected services using GUPnP. 3. Verify the update was successful.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate UPnP services from untrusted networks

Browser DNS Rebinding Protection

all

Enable DNS rebinding protection in browsers

🧯 If You Can't Patch

Implement strict network segmentation to isolate UPnP services
Deploy web application firewalls to detect DNS rebinding attempts

🔍 How to Verify

Check if Vulnerable:

Check GUPnP library version using package manager: dpkg -l | grep gupnp or rpm -qa | grep gupnp

Check Version:

pkg-config --modversion gupnp-1.0

Verify Fix Applied:

Verify installed GUPnP version is 1.0.7 or 1.2.5 or later

📡 Detection & Monitoring

Log Indicators:

Unusual DNS queries from browsers
Unexpected UPnP service requests from browser user-agents

Network Indicators:

DNS rebinding patterns
Cross-origin requests to local UPnP services

SIEM Query:

source="browser_logs" AND (dns_query="*.attacker.com" OR destination_ip="192.168.*")

📊 Metadata

CVE ID: CVE-2021-33516

CVSS v3 Score: 8.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Published: May 24, 2021

Last Updated: November 21, 2024

🔗 References

https://discourse.gnome.org/t/security-relevant-releases-for-gupnp-issue-cve-2021-33516/6536 Patch,Vendor Advisory
https://gitlab.gnome.org/GNOME/gupnp/-/issues/24 Issue Tracking,Vendor Advisory
https://discourse.gnome.org/t/security-relevant-releases-for-gupnp-issue-cve-2021-33516/6536 Patch,Vendor Advisory
https://gitlab.gnome.org/GNOME/gupnp/-/issues/24 Issue Tracking,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON