Vulnerabilities > CVE-2011-4505 - Configuration vulnerability in Alcatel products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

alcatel

CWE-16

NVD

Published: 2011-11-22

Updated: 2012-03-08

Summary

The UPnP IGD implementation on SpeedTouch 5x6 devices with firmware before 6.2.29 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Alcatel Alcatel Speedtouch 5X6 Router Firmware *	1
Hardware	Alcatel Alcatel Speedtouch 5X6 Router *	1

Common Weakness Enumeration (CWE)

CWE-16 - Configuration

References

http://toor.do/DEFCON-19-Garcia-UPnP-Mapping-WP.pdf
http://www.kb.cert.org/vuls/id/357851