Multiple Routers UPnP WAN Interface Remote Unauthorized Access Vulnerability
BID:50810
Info
Multiple Routers UPnP WAN Interface Remote Unauthorized Access Vulnerability
| Bugtraq ID: | 50810 |
| Class: | Design Error |
| CVE: |
CVE-2011-4499 CVE-2011-4500 CVE-2011-4501 CVE-2011-4502 CVE-2011-4503 CVE-2011-4504 CVE-2011-4505 CVE-2011-4506 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 24 2011 12:00AM |
| Updated: | Mar 19 2015 08:33AM |
| Credit: | Daniel Garcia |
| Vulnerable: |
ZyXEL P-330W 0 Thomson TG585 Router 0 Speedtouch 5x6 0 Sitcom WL-153 0 Sitcom WL-111 0 Linksys WRT54G v4.0 4.20.6 (Firmware) Linksys WRT54G v4.0 4.0.7 (Firmware) Linksys WRT54G v3.0 3.3.6 (Firmware) Linksys WRT54G v3.0 3.1.3 (Firmware) Linksys WRT54G v2.0 2.4.4 (Firmware) Linksys WRT54G v2.0 2.0 2.8 beta(Firmware) Linksys WRT54G v2.0 2.0 0.8 (Firmware) Edimax BR-6104K 0 Edimax 6114Wg 0 Canyon-Tech CN-WF514 2.08 Canyon-Tech CN-WF512 1.83 |
| Not Vulnerable: |
Thomson TG585 Router 7.4.3.2 Speedtouch 5x6 6.2.29 Sitcom WL-153 1.39 Linksys WRT54G v4.0 1.0.6 Edimax BR-6104K 3.25 |
Discussion
Multiple Routers UPnP WAN Interface Remote Unauthorized Access Vulnerability
Multiple routers are prone to a remote unauthorized access vulnerability.
An attacker can exploit this issue to gain unauthorized access to scan the internal host or proxy internet traffic through an affected device.
The following devices are affected:
Cisco Linksys WRT54G firmware version prior to 4.30.5
Cisco Linksys WRT54GS v1 through v3 firmware versions prior to 4.71.1
Cisco Linksys WRT54GS v4 firmware versions prior to 1.06.1
Cisco Linksys WRT54GX firmware 2.00.05
Edimax BR-6104K prior to 3.25
Edimax 6114Wg
Canyon-Tech CN-WF512 firmware version 1.83
Canyon-Tech CN-WF514 firmware version 2.08
Sitecom WL-153 prior to firmware 1.39
Sitecom WL-111
Sweex LB000021 firmware version 3.15
ZyXEL P-330W
SpeedTouch 5x6 firmware versions prior to 6.2.29
Thomson TG585 firmware versions prior to 7.4.3.2
Multiple routers are prone to a remote unauthorized access vulnerability.
An attacker can exploit this issue to gain unauthorized access to scan the internal host or proxy internet traffic through an affected device.
The following devices are affected:
Cisco Linksys WRT54G firmware version prior to 4.30.5
Cisco Linksys WRT54GS v1 through v3 firmware versions prior to 4.71.1
Cisco Linksys WRT54GS v4 firmware versions prior to 1.06.1
Cisco Linksys WRT54GX firmware 2.00.05
Edimax BR-6104K prior to 3.25
Edimax 6114Wg
Canyon-Tech CN-WF512 firmware version 1.83
Canyon-Tech CN-WF514 firmware version 2.08
Sitecom WL-153 prior to firmware 1.39
Sitecom WL-111
Sweex LB000021 firmware version 3.15
ZyXEL P-330W
SpeedTouch 5x6 firmware versions prior to 6.2.29
Thomson TG585 firmware versions prior to 7.4.3.2
Exploit / POC
Multiple Routers UPnP WAN Interface Remote Unauthorized Access Vulnerability
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Multiple Routers UPnP WAN Interface Remote Unauthorized Access Vulnerability
Solution:
Updates are available. Please see the references for details.
Solution:
Updates are available. Please see the references for details.
References
Multiple Routers UPnP WAN Interface Remote Unauthorized Access Vulnerability
References:
References:
- Vulnerability Note VU#357851 (US-CERT)
- Vulnerable UPnP IGD devices (UPnP hacks)