Back to overview

CVE-2021-27137

HIGH Exploitation: PoC
8.1
CVSS 3.1
Description
An issue was discovered in router/upnp/src/ssdp.c in DD-WRT before 45724. An unsafe strcpy in the UPnP handling functionality allows an unauthenticated remote attacker to send a request that would overflow an internal fixed buffer. Exploitation requires the DD-WRT user to enable UPnP (which is off by default, and only listens on internal interfaces by default). This occurs in ssdp_msearch (reachable by an M-SEARCH request).

Metadata

CVE ID
CVE-2021-27137
State
PUBLISHED
Assigner
mitre
Reserved
2021-02-10 00:00 UTC
Published
2026-07-16 00:00 UTC
Last updated
2026-07-16 18:24 UTC
Primary CWE
CWE-121
CWE-121 Stack-based Buffer Overflow
Vendor / Product
DD-WRT / DD-WRT
Sources
cve.org  ·  NVD

Severity & Metrics

8.1 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
SSVC — CISA Coordinator
Exploitation
PoC
Automatable
no
Tech. Impact
total
Affected products (1)
VendorProductPlatformVersions
DD-WRT DD-WRT 0 < 45724
Weakness (CWE)
CWESourceDescription
CWE-121 cna CWE-121 Stack-based Buffer Overflow
CVSS scores (1)
ScoreSeverityVersionSourceVector
8.1 HIGH 3.1 cna CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Back to overview