CVE-2011-4501

Name: CVE-2011-4501
Creator: NVD / NIST
Published: 2011-11-22T11:55:04.887+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 4.45%

Last modified Jun 16, 2026

CVE-2011-4501 is a vulnerability of currently unknown severity. The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.. EPSS estimates a 4.45% chance of exploitation in the next 30 days.

Description

The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.

Metrics

EPSS Probability

4.45%

90.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-16

Affected Software

Vendor	Product	Versions
Edimax	Br-6104k Router Firmware	3.21
Edimax	Br-6104k	All versions
Canyon-Tech	Cn-Wf512 Router Firmware	1.83
Canyon-Tech	Cn-Wf514 Router Firmware	2.08
Canyon-Tech	Cn-Wf512	All versions
Canyon-Tech	Cn-Wf514	All versions
Edimax	6114wg Router Firmware	1.83
Edimax	6114wg Router Firmware	2.08
Edimax	6114wg	All versions
Sitecom	Wl-153 Router Firmware	1.31
Sitecom	Wl-153 Router Firmware	1.34
Sitecom	Wl-153	All versions
Sweex	Lb000021 Router Firmware	3.15
Sweex	Lb000021	All versions

References

http://www.kb.cert.org/vuls/id/357851US Government Resource
http://www.upnp-hacks.org/devices.html
http://www.upnp-hacks.org/suspect.html
http://www.kb.cert.org/vuls/id/357851US Government Resource
http://www.upnp-hacks.org/devices.html
http://www.upnp-hacks.org/suspect.html

Timeline

Published: Nov 22, 2011
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2011-4501?

How severe is CVE-2011-4501?

Severity scoring for CVE-2011-4501 is pending analysis. The EPSS model estimates a 4.45% probability of exploitation in the next 30 days.

How do I fix CVE-2011-4501?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2011-4501?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST