CVE-2022-26505 — Authentication Bypass by Spoofing in Project Readymedia

Severity

7.4HIGHNVD

EPSS

0.2%

top 59.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedMar 6

Latest updateSep 27

Description

A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:NExploitability: 2.8 | Impact: 4.0

▶debiandebian/minidlna< minidlna 1.3.0+dfsg-2.2 (bookworm)

Also affects: Debian Linux 9.0

OSV

minidlna vulnerabilities↗2023-09-27

▶

GHSA

GHSA-xw94-4rmp-7qw5: A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1↗2022-03-07

▶

OSV

CVE-2022-26505: A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1↗2022-03-06

▶

Ubuntu

ReadyMedia vulnerabilities↗2023-09-27

▶

Debian

CVE-2022-26505: minidlna - A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a re...↗2022

▶