CVE-2022-26505
Description
A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files.
Risk Information
Base Score
7.4
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.185
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| lightweight DLNA/UPnP-AV server targeted at embedded systems (USN-6398-1) minidlna_1.3.0+dfsg-2.1ubuntu0.1_amd64.deb | Linux |
| lightweight DLNA/UPnP-AV server targeted at embedded systems (USN-6398-1) minidlna_1.3.0+dfsg-2.2ubuntu0.1_amd64.deb | Linux |
| lightweight DLNA/UPnP-AV server targeted at embedded systems (USN-6398-1) minidlna_1.1.5+dfsg-2ubuntu0.1_i386.deb | Linux |
| lightweight DLNA/UPnP-AV server targeted at embedded systems (USN-6398-1) minidlna_1.1.5+dfsg-2ubuntu0.1_amd64.deb | Linux |
| lightweight DLNA/UPnP-AV server targeted at embedded systems (USN-6398-1) minidlna_1.2.1+dfsg-1ubuntu0.20.04.2_amd64.deb | Linux |
| lightweight DLNA/UPnP-AV server targeted at embedded systems (USN-6398-1) minidlna_1.2.1+dfsg-1ubuntu0.18.04.1_i386.deb | Linux |
| lightweight DLNA/UPnP-AV server targeted at embedded systems (USN-6398-1) minidlna_1.2.1+dfsg-1ubuntu0.18.04.1_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234