Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2562

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-2562
Last Modified 08 Mar 2011 12:00:00
Published 23 May 2006 09:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2562

Summary

ZyXEL P-335WT router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic.

Vulnerable Systems


References

XF - zyxel-upnp-security-bypass(26710)

VUPEN - ADV-2006-1910

MISC - http://www.securityview.org/how-does-the-upnp-flaw-works.html

MISC - http://www.securityview.org/dutch-student-finds-a-bug-in-upnp.html

SECUNIA - 20184


Last Updated: 27 May 2016 10:42:40