CVE-2011-4499
CVE-2011-4499 is a vulnerability of currently unknown severity. The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. EPSS estimates a 1.43% chance of exploitation in the next 30 days.
Description
The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Linksys Wrt54g Router Firmware | <= 4.20.8 |
| Cisco | Linksys Wrt54g Router Firmware | 3.03.9 |
| Cisco | Linksys Wrt54g Router Firmware | 4.20.7 |
| Linksys | Wrt54g | All versions |
| Linksys | Wrt54g | 2.2 |
| Cisco | Linksys Wrt54gs Router Firmware | <= 4.70.6 |
| Cisco | Linksys Wrt54gs Router Firmware | 2.09.1 |
| Linksys | Wrt54gs | 1.0 |
| Linksys | Wrt54gs | 2.0 |
| Linksys | Wrt54gs | 3.0 |
| Cisco | Linksys Wrt54gs Router Firmware | <= 1.06 |
| Linksys | Wrt54gs | 4.0 |
References
- http://www.kb.cert.org/vuls/id/357851 (US Government Resource)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
