Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Thu, 16 Jul 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 16 Jul 2026 18:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An issue was discovered in router/upnp/src/ssdp.c in DD-WRT before 45724. An unsafe strcpy in the UPnP handling functionality allows an unauthenticated remote attacker to send a request that would overflow an internal fixed buffer. Exploitation requires the DD-WRT user to enable UPnP (which is off by default, and only listens on internal interfaces by default). This occurs in ssdp_msearch (reachable by an M-SEARCH request). | |
| First Time appeared |
Dd-wrt
Dd-wrt dd-wrt |
|
| Weaknesses | CWE-121 | |
| CPEs | cpe:2.3:a:dd-wrt:dd-wrt:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Dd-wrt
Dd-wrt dd-wrt |
|
| References |
|
|
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-07-16T18:24:38.274Z
Reserved: 2021-02-10T00:00:00.000Z
Link: CVE-2021-27137
Updated: 2026-07-16T18:24:33.515Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-16T20:30:05Z