Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4502

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2011-4502
Last Modified 24 Jan 2013 12:00:00
Published 22 Nov 2011 06:55:05
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4502

Summary

The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to execute arbitrary commands via shell metacharacters.

Vulnerable Systems

Operating System

  • Canyon-tech Cn-wf512 Router Firmware 1.83

  • Canyon-tech Cn-wf514 Router Firmware 2.08

  • Edimax 6114wg Router Firmware 1.83

  • Edimax 6114wg Router Firmware 2.08

  • Edimax Br-6104k Router Firmware 3.21

  • Sitecom Wl-153 Router Firmware 1.31

  • Sitecom Wl-153 Router Firmware 1.34

  • Sweex Lb000021 Router Firmware 3.15

Application

  • Canyon-tech Cn-wf512 Router Firmware 1.83

  • Canyon-tech Cn-wf514 Router Firmware 2.08

  • Edimax 6114wg Router Firmware 1.83

  • Edimax 6114wg Router Firmware 2.08

  • Edimax Br-6104k Router Firmware 3.21

  • Sitecom Wl-153 1.31 Router Firmware

  • Sitecom Wl-153 1.34 Router Firmware

  • Sweex Lb000021 Router Firmware 3.15


References

CERT-VN - VU#357851

MISC - http://www.upnp-hacks.org/suspect.html

MISC - http://www.upnp-hacks.org/devices.html


Last Updated: 27 May 2016 10:51:50