exploitDog

CVE-2011-4505

Опубликовано: 22 нояб. 2011

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

The UPnP IGD implementation on SpeedTouch 5x6 devices with firmware before 6.2.29 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.

Ссылки

http://toor.do/DEFCON-19-Garcia-UPnP-Mapping-WP.pdf
http://www.kb.cert.org/vuls/id/357851
US Government Resource
http://toor.do/DEFCON-19-Garcia-UPnP-Mapping-WP.pdf
http://www.kb.cert.org/vuls/id/357851
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:alcatel:speedtouch_5x6_router_firmware:*:*:*:*:*:*:*:*

Версия до 6.2 (включая)

cpe:2.3:h:alcatel:speedtouch_5x6_router:*:*:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.00509

Низкий

7.5 High

CVSS2

Дефекты

CWE-16

Связанные уязвимости

GHSA-rh9v-48rx-mh8q

github

больше 3 лет назад

The UPnP IGD implementation on SpeedTouch 5x6 devices with firmware before 6.2.29 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.

EPSS

Процентиль: 66%

0.00509

Низкий

7.5 High

CVSS2

Дефекты

CWE-16