CVE-2011-4500
Summary
| CVE | CVE-2011-4500 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2011-11-22 11:55:04 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | The UPnP IGD implementation on the Cisco Linksys WRT54GX with firmware 2.00.05, when UPnP is enabled, configures the SOAP server to listen on the WAN port, which allows remote attackers to administer the firewall via SOAP requests. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:N/AC:L/Au:N/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Linksys Wrt54gx Router Firmware | 2.00.05 | All | All | All |
| Hardware | Linksys | Wrt54gx | 2.0 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| UPnP Hacks: Vulnerable UPnP IGD devices | af854a3a-2127-422b-91ae-364da2661108 | www.upnp-hacks.org | |
| US-CERT Vulnerability Note VU#357851 - UPnP requests accepted over router WAN interfaces | af854a3a-2127-422b-91ae-364da2661108 | www.kb.cert.org | US Government Resource |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.