PatchSiren

DD-WRT CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH DD-WRT CVE published 2026-07-16

CVE-2021-27137

A high-severity vulnerability, CVE-2021-27137, was discovered in DD-WRT routers. The issue is an unsafe strcpy in the UPnP handling functionality, which allows an unauthenticated remote attacker to send a request that would overflow an internal fixed buffer. Exploitation requires the DD-WRT user to enable UPnP, which is off by default and only listens on internal interfaces by default. This occurs in ssdp [truncated]