CVE-2011-4499 - Configuration vulnerability in Cisco and Linksys products

Publication

2011-11-22

Last modification

2012-03-09

Summary

The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.

Description

Multiple routers are prone to a remote unauthorized access vulnerability. An attacker can exploit this issue to gain unauthorized access to scan the internal host or proxy internet traffic through an affected device.

The following devices are affected:

  • Cisco Linksys WRT54G firmware version prior to 4.30.5
  • Cisco Linksys WRT54GS v1 through v3 firmware versions prior to 4.71.1
  • Cisco Linksys WRT54GS v4 firmware versions prior to 1.06.1
  • Cisco Linksys WRT54GX firmware 2.00.05
  • Edimax BR-6104K prior to 3.25
  • Edimax 6114Wg
  • Canyon-Tech CN-WF512 firmware version 1.83
  • Canyon-Tech CN-WF514 firmware version 2.08
  • Sitecom WL-153 prior to firmware 1.39
  • Sitecom WL-111
  • Sweex LB000021 firmware version 3.15
  • ZyXEL P-330W
  • SpeedTouch 5x6 firmware versions prior to 6.2.29
  • Thomson TG585 firmware versions prior to 7.4.3.2
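An added defender-side check, not code from this advisory or from any vendor: it audits a router's UPnP port-mapping table for entries whose internal client lies outside the LAN, which is how a mapping that proxies traffic through the device would show up. It assumes "external forwarding" means a mapping whose NewInternalClient is a non-LAN address and that the table has been exported as dictionaries keyed by the standard IGD argument names; the function name, LAN range and sample entries are constructed.

```python
import ipaddress

# Constructed sample table (documentation address ranges), keyed by the
# UPnP IGD port-mapping argument names.
SAMPLE_MAPPINGS = [
    {"NewExternalPort": 6881, "NewProtocol": "TCP", "NewInternalPort": 6881,
     "NewInternalClient": "192.168.1.23", "NewPortMappingDescription": "p2p"},
    {"NewExternalPort": 8080, "NewProtocol": "TCP", "NewInternalPort": 80,
     "NewInternalClient": "203.0.113.10", "NewPortMappingDescription": ""},
    {"NewExternalPort": 2222, "NewProtocol": "TCP", "NewInternalPort": 22,
     "NewInternalClient": "printer.lan", "NewPortMappingDescription": "ssh"},
]


def audit_port_mappings(mappings, lan_cidr):
    """Return (mapping, reason) pairs for entries that do not forward into the LAN.

    Assumption: a legitimate mapping always targets a host inside lan_cidr.
    """
    lan = ipaddress.ip_network(lan_cidr)
    findings = []
    for mapping in mappings:
        client = str(mapping.get("NewInternalClient", "")).strip()
        try:
            addr = ipaddress.ip_address(client)
        except ValueError:
            # Hostnames or empty values cannot be checked against the LAN range.
            findings.append((mapping, "internal client is not an IP address"))
            continue
        if addr not in lan:
            findings.append((mapping, "external forwarding: target outside %s" % lan))
    return findings


if __name__ == "__main__":
    for entry, reason in audit_port_mappings(SAMPLE_MAPPINGS, "192.168.1.0/24"):
        print("%s/%s -> %s:%s  [%s]" % (
            entry["NewExternalPort"], entry["NewProtocol"],
            entry["NewInternalClient"], entry["NewInternalPort"], reason))
```

Any flagged entry on an affected model is a reason to remove the mapping and confirm the firmware is at or above the fixed version listed for that device.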

Solution

Updates are available. Please see the references for details.

Exploit

Currently we are not aware of any working exploits.

Classification

CWE-16 - Configuration

Risk level (CVSS AV:N/AC:L/Au:N/C:P/I:P/A:P)

High

7.5

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confidentiality Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None