Vulnerabilities > CVE-2011-4505 - Configuration vulnerability in Alcatel products

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

alcatel

CWE-16

NVD

Published: 2011-11-22

Updated: 2024-11-21

Summary

The UPnP IGD implementation on SpeedTouch 5x6 devices with firmware before 6.2.29 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Alcatel Alcatel Speedtouch 5X6 Router Firmware *	1
Hardware	Alcatel Alcatel Speedtouch 5X6 Router *	1

Common Weakness Enumeration (CWE)

CWE-16 - Configuration

References

http://toor.do/DEFCON-19-Garcia-UPnP-Mapping-WP.pdf
http://www.kb.cert.org/vuls/id/357851
http://toor.do/DEFCON-19-Garcia-UPnP-Mapping-WP.pdf
http://www.kb.cert.org/vuls/id/357851