A vulnerability was found in libupnp. If there’s no registered handler
for a POST or GET request, the default behavior is to write to or read
from the filesystem. This allows an unauthenticated attacker to store or
retrieve arbitrary data. This issue allows full host filesystem access
if the process is running as root and using / as the web root.