Vulnerabilities > CVE-2011-4499 - Configuration vulnerability in multiple products

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

cisco

linksys

CWE-16

NVD

Published: 2011-11-22

Updated: 2024-11-21

Summary

The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Linksys Wrt54G Router Firmware * Cisco Linksys Wrt54G Router Firmware 3.03.9 Cisco Linksys Wrt54G Router Firmware 4.20.7 Cisco Linksys Wrt54Gs Router Firmware * Cisco Linksys Wrt54Gs Router Firmware 2.09.1	5
Hardware	Linksys Linksys Wrt54G * Linksys Wrt54G 2.2 Linksys Wrt54Gs 1.0 Linksys Wrt54Gs 2.0 Linksys Wrt54Gs 3.0 Linksys Wrt54Gs 4.0	6

Common Weakness Enumeration (CWE)

CWE-16 - Configuration

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References