CVE-2011-4499

CWE-163 documents3 sources

Severity

7.5HIGH

EPSS

0.5%

top 35.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Linksys Wrt54g Router Firmware Cisco Linksys Wrt54gs Router Firmware Linksys Wrt54g +1 more

Timeline

PublishedNov 22

Latest updateMay 17

Description

The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

▶NVDcisco/linksys_wrt54gs_router_firmware4.70.6+2

▶NVDcisco/linksys_wrt54g_router_firmware4.20.8+2

▶NVDlinksys/wrt54gs4 versions+3

▶NVDlinksys/wrt54g2.2

🔴Vulnerability Details

GHSA

GHSA-f493-r5jh-m3rp: The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4↗2022-05-17

▶

CVEList

CVE-2011-4499: The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4↗2011-11-22

▶