CVE-2011-4505

The UPnP IGD implementation on SpeedTouch 5x6 devices with firmware before 6.2.29 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:alcatel:speedtouch_5x6_router_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:alcatel:speedtouch_5x6_router:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:32

Type Values Removed Values Added
References () http://toor.do/DEFCON-19-Garcia-UPnP-Mapping-WP.pdf - () http://toor.do/DEFCON-19-Garcia-UPnP-Mapping-WP.pdf -
References () http://www.kb.cert.org/vuls/id/357851 - US Government Resource () http://www.kb.cert.org/vuls/id/357851 - US Government Resource

Information

Published : 2011-11-22 11:55

Updated : 2024-11-21 01:32


NVD link : CVE-2011-4505

Mitre link : CVE-2011-4505

CVE.ORG link : CVE-2011-4505


JSON object : View

Products Affected

alcatel

  • speedtouch_5x6_router_firmware
  • speedtouch_5x6_router
CWE
CWE-16

Configuration