CVE-2011-4503
https://notcve.org/view.php?id=CVE-2011-4503
The UPnP IGD implementation in Broadcom Linux on the Sitecom WL-111 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. La implementación de UPnP IGD en Broadcom Linux en el Sitecom WL-111, permite a atacantes remotos establecer mapas de puertos de su elección enviando una acción UPnP AddPortMapping en una petición SOAP al interfaz WAN, relacionado con una vulnerabilidad "external forwarding". • http://www.kb.cert.org/vuls/id/357851 http://www.upnp-hacks.org/suspect.html • CWE-16: Configuration •
CVE-2006-2560
https://notcve.org/view.php?id=CVE-2006-2560
Sitecom WL-153 router firmware before 1.38 allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic. • http://secunia.com/advisories/20183 http://www.securityview.org/dutch-student-finds-a-bug-in-upnp.html http://www.securityview.org/how-does-the-upnp-flaw-works.html http://www.vupen.com/english/advisories/2006/1912 • CWE-264: Permissions, Privileges, and Access Controls •