Vulnerabilities > CVE-2011-4506 - Configuration vulnerability in Technicolor Tg585 Router and Tg585 Router Firmware

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

technicolor

CWE-16

NVD

Published: 2011-11-22

Updated: 2012-03-08

Summary

The UPnP IGD implementation on the Thomson (aka Technicolor) TG585 with firmware 7.x before 7.4.3.2 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Technicolor Technicolor Tg585 Router Firmware *	1
Hardware	Technicolor Technicolor Tg585 Router *	1

Common Weakness Enumeration (CWE)

CWE-16 - Configuration

References

http://toor.do/DEFCON-19-Garcia-UPnP-Mapping-WP.pdf
http://www.kb.cert.org/vuls/id/357851