CVE-2011-4500
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The UPnP IGD implementation on the Cisco Linksys WRT54GX with firmware 2.00.05, when UPnP is enabled, configures the SOAP server to listen on the WAN port, which allows remote attackers to administer the firewall via SOAP requests.
La implementación de UPnP IGD en el Cisco Linksys WRT54GX con firmware v2.00.05, cuando UPnP está habilitado, configura el servidor SOAP para escuchar en el puerto WAN, lo que permite a atacantes remotos administrar el cortafuegos a través de peticiones SOAP.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-11-22 CVE Reserved
- 2011-11-22 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-16: Configuration
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.kb.cert.org/vuls/id/357851 | Third Party Advisory |
|
| http://www.upnp-hacks.org/devices.html | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Linksys Wrt54gx Router Firmware Search vendor "Cisco" for product "Linksys Wrt54gx Router Firmware" | 2.00.05 Search vendor "Cisco" for product "Linksys Wrt54gx Router Firmware" and version "2.00.05" | - |
Affected
| in | Linksys Search vendor "Linksys" | Wrt54gx Search vendor "Linksys" for product "Wrt54gx" | 2.0 Search vendor "Linksys" for product "Wrt54gx" and version "2.0" | - |
Affected
|