ID |
CVE-2011-4501
|
Summary |
The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:o:edimax:br-6104k_router_firmware:3.21:*:*:*:*:*:*:*
cpe:2.3:o:edimax:br-6104k_router_firmware:3.21:*:*:*:*:*:*:*
-
cpe:2.3:h:edimax:br-6104k:-:*:*:*:*:*:*:*
cpe:2.3:h:edimax:br-6104k:-:*:*:*:*:*:*:*
-
cpe:2.3:o:canyon-tech:cn-wf512_router_firmware:1.83:*:*:*:*:*:*:*
cpe:2.3:o:canyon-tech:cn-wf512_router_firmware:1.83:*:*:*:*:*:*:*
-
cpe:2.3:o:canyon-tech:cn-wf514_router_firmware:2.08:*:*:*:*:*:*:*
cpe:2.3:o:canyon-tech:cn-wf514_router_firmware:2.08:*:*:*:*:*:*:*
-
cpe:2.3:h:canyon-tech:cn-wf512:-:*:*:*:*:*:*:*
cpe:2.3:h:canyon-tech:cn-wf512:-:*:*:*:*:*:*:*
-
cpe:2.3:h:canyon-tech:cn-wf514:-:*:*:*:*:*:*:*
cpe:2.3:h:canyon-tech:cn-wf514:-:*:*:*:*:*:*:*
-
cpe:2.3:o:edimax:6114wg_router_firmware:1.83:*:*:*:*:*:*:*
cpe:2.3:o:edimax:6114wg_router_firmware:1.83:*:*:*:*:*:*:*
-
cpe:2.3:o:edimax:6114wg_router_firmware:2.08:*:*:*:*:*:*:*
cpe:2.3:o:edimax:6114wg_router_firmware:2.08:*:*:*:*:*:*:*
-
cpe:2.3:h:edimax:6114wg:-:*:*:*:*:*:*:*
cpe:2.3:h:edimax:6114wg:-:*:*:*:*:*:*:*
-
cpe:2.3:o:sitecom:wl-153_router_firmware:1.31:*:*:*:*:*:*:*
cpe:2.3:o:sitecom:wl-153_router_firmware:1.31:*:*:*:*:*:*:*
-
cpe:2.3:o:sitecom:wl-153_router_firmware:1.34:*:*:*:*:*:*:*
cpe:2.3:o:sitecom:wl-153_router_firmware:1.34:*:*:*:*:*:*:*
-
cpe:2.3:h:sitecom:wl-153:-:*:*:*:*:*:*:*
cpe:2.3:h:sitecom:wl-153:-:*:*:*:*:*:*:*
-
cpe:2.3:o:sweex:lb000021_router_firmware:3.15:*:*:*:*:*:*:*
cpe:2.3:o:sweex:lb000021_router_firmware:3.15:*:*:*:*:*:*:*
-
cpe:2.3:h:sweex:lb000021:-:*:*:*:*:*:*:*
cpe:2.3:h:sweex:lb000021:-:*:*:*:*:*:*:*
|
CVSS |
Base: | 10.0 (as of 24-01-2013 - 05:00) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-16 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE |
COMPLETE |
COMPLETE |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
refmap
via4
|
|
Last major update |
24-01-2013 - 05:00 |
Published |
22-11-2011 - 11:55 |
Last modified |
24-01-2013 - 05:00 |