Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4499

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2011-4499
Last Modified 09 Mar 2012 12:00:00
Published 22 Nov 2011 06:55:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4499

Summary

The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.

Vulnerable Systems

Application

  • Cisco Linksys Wrt54g Router Firmware 3.03.9

  • Cisco Linksys Wrt54g Router Firmware 4.20.7

  • Cisco Linksys Wrt54g Router Firmware 4.20.8

  • Cisco Linksys Wrt54gs Router Firmware 1.06

  • Cisco Linksys Wrt54gs Router Firmware 2.09.1

  • Cisco Linksys Wrt54gs Router Firmware 4.70.6


References

CERT-VN - VU#357851

MISC - http://www.upnp-hacks.org/devices.html


Last Updated: 27 May 2016 10:57:48