Vulnerabilities > CVE-2011-4503 - Configuration vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

broadcom

sitecom

CWE-16

NVD

Published: 2011-11-22

Updated: 2013-01-24

Summary

The UPnP IGD implementation in Broadcom Linux on the Sitecom WL-111 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.

Vulnerable Configurations

Part	Description	Count
OS	Broadcom Broadcom Broadcom Linux *	1
Hardware	Sitecom Sitecom WL 111 -	1

Common Weakness Enumeration (CWE)

CWE-16 - Configuration

References

http://www.kb.cert.org/vuls/id/357851
http://www.upnp-hacks.org/suspect.html