Lucene search

[email protected]NVD:CVE-2011-4499

HistoryNov 22, 2011 - 11:55 a.m.

CVE-2011-4499

2011-11-2211:55:04

CWE-16

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

High

EPSS

0.004

Percentile

74.3%

JSON

The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an “external forwarding” vulnerability.

Affected configurations

Nvd

Node

ciscolinksys_wrt54g_router_firmwareRange≤4.20.8

ciscolinksys_wrt54g_router_firmwareMatch3.03.9

ciscolinksys_wrt54g_router_firmwareMatch4.20.7

AND

linksyswrt54g

linksyswrt54gMatch2.2

Node

ciscolinksys_wrt54gs_router_firmwareRange≤4.70.6

ciscolinksys_wrt54gs_router_firmwareMatch2.09.1

AND

linksyswrt54gsMatch1.0

linksyswrt54gsMatch2.0

linksyswrt54gsMatch3.0

Node

ciscolinksys_wrt54gs_router_firmwareRange≤1.06

AND

linksyswrt54gsMatch4.0

VendorProductVersionCPE
ciscolinksys_wrt54g_router_firmware*cpe:2.3:a:cisco:linksys_wrt54g_router_firmware:*:*:*:*:*:*:*:*
ciscolinksys_wrt54g_router_firmware3.03.9cpe:2.3:a:cisco:linksys_wrt54g_router_firmware:3.03.9:*:*:*:*:*:*:*
ciscolinksys_wrt54g_router_firmware4.20.7cpe:2.3:a:cisco:linksys_wrt54g_router_firmware:4.20.7:*:*:*:*:*:*:*
linksyswrt54g*cpe:2.3:h:linksys:wrt54g:*:*:*:*:*:*:*:*
linksyswrt54g2.2cpe:2.3:h:linksys:wrt54g:2.2:*:*:*:*:*:*:*
ciscolinksys_wrt54gs_router_firmware*cpe:2.3:a:cisco:linksys_wrt54gs_router_firmware:*:*:*:*:*:*:*:*
ciscolinksys_wrt54gs_router_firmware2.09.1cpe:2.3:a:cisco:linksys_wrt54gs_router_firmware:2.09.1:*:*:*:*:*:*:*
linksyswrt54gs1.0cpe:2.3:h:linksys:wrt54gs:1.0:*:*:*:*:*:*:*
linksyswrt54gs2.0cpe:2.3:h:linksys:wrt54gs:2.0:*:*:*:*:*:*:*
linksyswrt54gs3.0cpe:2.3:h:linksys:wrt54gs:3.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	linksys_wrt54g_router_firmware	*	cpe:2.3:a:cisco:linksys_wrt54g_router_firmware::::::::
cisco	linksys_wrt54g_router_firmware	3.03.9	cpe:2.3:a:cisco:linksys_wrt54g_router_firmware:3.03.9:::::::*
cisco	linksys_wrt54g_router_firmware	4.20.7	cpe:2.3:a:cisco:linksys_wrt54g_router_firmware:4.20.7:::::::*
linksys	wrt54g	*	cpe:2.3:h:linksys:wrt54g::::::::
linksys	wrt54g	2.2	cpe:2.3:h:linksys:wrt54g:2.2:::::::*
cisco	linksys_wrt54gs_router_firmware	*	cpe:2.3:a:cisco:linksys_wrt54gs_router_firmware::::::::
cisco	linksys_wrt54gs_router_firmware	2.09.1	cpe:2.3:a:cisco:linksys_wrt54gs_router_firmware:2.09.1:::::::*
linksys	wrt54gs	1.0	cpe:2.3:h:linksys:wrt54gs:1.0:::::::*
linksys	wrt54gs	2.0	cpe:2.3:h:linksys:wrt54gs:2.0:::::::*
linksys	wrt54gs	3.0	cpe:2.3:h:linksys:wrt54gs:3.0:::::::*

Rows per page:

1-10 of 111

References

www.kb.cert.org/vuls/id/357851

www.upnp-hacks.org/devices.html

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

High

EPSS

0.004

Percentile

74.3%

JSON

Related for NVD:CVE-2011-4499

cve1 cvelist1 prion1