CVE-2011-4499 - Configuration vulnerability in Cisco and Linksys products






The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.


Multiple routers are prone to a remote unauthorized access vulnerability. An attacker can exploit this issue to gain unauthorized access to scan the internal host or proxy internet traffic through an affected device.

The following devices are affected:

  • Cisco Linksys WRT54G firmware version prior to 4.30.5
  • Cisco Linksys WRT54GS v1 through v3 firmware versions prior to 4.71.1
  • Cisco Linksys WRT54GS v4 firmware versions prior to 1.06.1
  • Cisco Linksys WRT54GX firmware 2.00.05
  • Edimax BR-6104K prior to 3.25
  • Edimax 6114Wg
  • Canyon-Tech CN-WF512 firmware version 1.83
  • Canyon-Tech CN-WF514 firmware version 2.08
  • Sitecom WL-153 prior to firmware 1.39
  • Sitecom WL-111
  • Sweex LB000021 firmware version 3.15
  • ZyXEL P-330W
  • SpeedTouch 5x6 firmware versions prior to 6.2.29
  • Thomson TG585 firmware versions prior to


Updates are available. Please see the references for details.


Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at:


CWE-16 - Configuration

Risk level (CVSS AV:N/AC:L/Au:N/C:P/I:P/A:P)



Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High


Authentication

  • None
  • Single
  • Multiple

Confidentiality Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None