Search criteria
13 vulnerabilities found for wrt54gs by linksys
VAR-200508-0116
Vulnerability from variot - Updated: 2023-12-18 13:58Unknown vulnerability in Linksys WRT54GS wireless router with firmware 4.50.6, with WPA Personal/TKIP authentication enabled, allows remote clients to bypass authentication by connecting without using encryption. Reportedly the device permits client devices that are using no encryption to connect when an encryption setting is being used. This results in a false sense of security. This issue is reported to affect firmware version 4.50.6; other firmware versions may also be affected. This issue also appears to have been addressed in firmware version 4.70.6; this has not been confirmed by Symantec or the vendor. Further information suggests this issue occurs when a firmware upgrade to version 4.50.6 has occurred but the unit has not been reset to factory defaults. Resetting the unit once the firmware has been upgraded is part of the recommended Linksys upgrade procedure. Linksys WRT54GS is a wireless router device that combines several functions.
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/
TITLE: Linksys WRT54GS Wireless Encryption Security Bypass
SECUNIA ADVISORY ID: SA16457
VERIFY ADVISORY: http://secunia.com/advisories/16457/
CRITICAL: Moderately critical
IMPACT: Security Bypass
WHERE:
From remote
OPERATING SYSTEM: Linksys WRT54GS Wireless-G Broadband Router with SpeedBooster http://secunia.com/product/5549/
DESCRIPTION: Steve Scherf has reported a security issue in Linksys WRT54GS, which can be exploited by malicious people to bypass certain security restrictions.
PROVIDED AND/OR DISCOVERED BY: Steve Scherf
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200508-0116",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrt54gs",
"scope": "eq",
"trust": 1.9,
"vendor": "linksys",
"version": "4.50.6"
},
{
"model": "wrt54gs",
"scope": "ne",
"trust": 0.3,
"vendor": "linksys",
"version": "4.70.6"
}
],
"sources": [
{
"db": "BID",
"id": "14566"
},
{
"db": "NVD",
"id": "CVE-2005-2589"
},
{
"db": "CNNVD",
"id": "CNNVD-200508-177"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54gs:4.50.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2589"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Steve Scherf bugtraq@moonsoft.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200508-177"
}
],
"trust": 0.6
},
"cve": "CVE-2005-2589",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-13798",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-2589",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200508-177",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-13798",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13798"
},
{
"db": "NVD",
"id": "CVE-2005-2589"
},
{
"db": "CNNVD",
"id": "CNNVD-200508-177"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown vulnerability in Linksys WRT54GS wireless router with firmware 4.50.6, with WPA Personal/TKIP authentication enabled, allows remote clients to bypass authentication by connecting without using encryption. Reportedly the device permits client devices that are using no encryption to connect when an encryption setting is being used. This results in a false sense of security. \nThis issue is reported to affect firmware version 4.50.6; other firmware versions may also be affected. \nThis issue also appears to have been addressed in firmware version 4.70.6; this has not been confirmed by Symantec or the vendor. \nFurther information suggests this issue occurs when a firmware upgrade to version 4.50.6 has occurred but the unit has not been reset to factory defaults. Resetting the unit once the firmware has been upgraded is part of the recommended Linksys upgrade procedure. Linksys WRT54GS is a wireless router device that combines several functions. \n\n----------------------------------------------------------------------\n\nBist Du interessiert an einem neuen Job in IT-Sicherheit?\n\n\nSecunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-\nSicherheit:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nLinksys WRT54GS Wireless Encryption Security Bypass\n\nSECUNIA ADVISORY ID:\nSA16457\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/16457/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nLinksys WRT54GS Wireless-G Broadband Router with SpeedBooster\nhttp://secunia.com/product/5549/\n\nDESCRIPTION:\nSteve Scherf has reported a security issue in Linksys WRT54GS, which\ncan be exploited by malicious people to bypass certain security\nrestrictions. \n\nPROVIDED AND/OR DISCOVERED BY:\nSteve Scherf\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2589"
},
{
"db": "BID",
"id": "14566"
},
{
"db": "VULHUB",
"id": "VHN-13798"
},
{
"db": "PACKETSTORM",
"id": "39447"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "14566",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "16457",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1014721",
"trust": 1.7
},
{
"db": "NVD",
"id": "CVE-2005-2589",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200508-177",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20050815 SERIOUS FLAW IN LINKSYS WIRELESS AP PASSWORD SECURITY",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-13798",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "39447",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13798"
},
{
"db": "BID",
"id": "14566"
},
{
"db": "PACKETSTORM",
"id": "39447"
},
{
"db": "NVD",
"id": "CVE-2005-2589"
},
{
"db": "CNNVD",
"id": "CNNVD-200508-177"
}
]
},
"id": "VAR-200508-0116",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-13798"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:58:32.487000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2589"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/14566"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/408161"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1014721"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/16457"
},
{
"trust": 0.3,
"url": "http://www.linksys.com/"
},
{
"trust": 0.3,
"url": "http://www.linksys.com/servlet/satellite?childpagename=us%2flayout\u0026packedargs=c%3dl_product_c2%26cid%3d1115416825841%26site%3dus\u0026pagename=linksys%2fcommon%2fvisitorwrapper"
},
{
"trust": 0.3,
"url": "/archive/1/408246"
},
{
"trust": 0.3,
"url": "/archive/1/408271"
},
{
"trust": 0.3,
"url": "/archive/1/408161"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/16457/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5549/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_vacancies/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13798"
},
{
"db": "BID",
"id": "14566"
},
{
"db": "PACKETSTORM",
"id": "39447"
},
{
"db": "NVD",
"id": "CVE-2005-2589"
},
{
"db": "CNNVD",
"id": "CNNVD-200508-177"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-13798"
},
{
"db": "BID",
"id": "14566"
},
{
"db": "PACKETSTORM",
"id": "39447"
},
{
"db": "NVD",
"id": "CVE-2005-2589"
},
{
"db": "CNNVD",
"id": "CNNVD-200508-177"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-08-17T00:00:00",
"db": "VULHUB",
"id": "VHN-13798"
},
{
"date": "2005-08-15T00:00:00",
"db": "BID",
"id": "14566"
},
{
"date": "2005-08-18T06:52:44",
"db": "PACKETSTORM",
"id": "39447"
},
{
"date": "2005-08-17T04:00:00",
"db": "NVD",
"id": "CVE-2005-2589"
},
{
"date": "2005-08-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200508-177"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-13798"
},
{
"date": "2005-08-15T00:00:00",
"db": "BID",
"id": "14566"
},
{
"date": "2008-09-05T20:52:09.973000",
"db": "NVD",
"id": "CVE-2005-2589"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200508-177"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200508-177"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WRT54GS Authentication bypass vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200508-177"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access verification error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200508-177"
}
],
"trust": 0.6
}
}
VAR-200512-0266
Vulnerability from variot - Updated: 2023-12-18 13:30Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID. Multiple Linksys devices are prone to a denial of service vulnerability. These devices are susceptible to a remote denial of service vulnerability when handling TCP 'LanD' packets. This issue allows remote attackers to crash affected devices, or to temporarily block further network routing functionality. This will deny further network services to legitimate users. Linksys BEFW11S4 and WRT54GS devices are reportedly affected by this issue. Due to code reuse among devices, other devices may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200512-0266",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrt54gs",
"scope": "eq",
"trust": 1.9,
"vendor": "linksys",
"version": "4.70.6"
},
{
"model": "wrt54gs",
"scope": "eq",
"trust": 1.9,
"vendor": "linksys",
"version": "4.50.6"
},
{
"model": "befw11s4",
"scope": "eq",
"trust": 1.9,
"vendor": "linksys",
"version": "1.44"
},
{
"model": "befw11s4",
"scope": "eq",
"trust": 1.9,
"vendor": "linksys",
"version": "1.43.3"
},
{
"model": "befw11s4",
"scope": "eq",
"trust": 1.9,
"vendor": "linksys",
"version": "1.4.3"
},
{
"model": "befw11s4",
"scope": "eq",
"trust": 1.9,
"vendor": "linksys",
"version": "1.4.2.7"
},
{
"model": "befw11s4 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "*"
},
{
"model": "befw11s4 v4",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "*"
},
{
"model": "befw11s4 v4",
"scope": null,
"trust": 0.6,
"vendor": "linksys",
"version": null
},
{
"model": "befw11s4 v3",
"scope": null,
"trust": 0.6,
"vendor": "linksys",
"version": null
},
{
"model": "befw11s4",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v4"
},
{
"model": "befw11s4",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3"
}
],
"sources": [
{
"db": "BID",
"id": "15861"
},
{
"db": "NVD",
"id": "CVE-2005-4257"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-315"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:befw11s4:1.43.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befw11s4:1.44:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befw11s4_v3:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befw11s4:1.4.2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54gs:4.70.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befw11s4:1.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54gs:4.50.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befw11s4_v4:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-4257"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Justin M. Wray",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-315"
}
],
"trust": 0.6
},
"cve": "CVE-2005-4257",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-15465",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-4257",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200512-315",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-15465",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-15465"
},
{
"db": "NVD",
"id": "CVE-2005-4257"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-315"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID. Multiple Linksys devices are prone to a denial of service vulnerability. \nThese devices are susceptible to a remote denial of service vulnerability when handling TCP \u0027LanD\u0027 packets. \nThis issue allows remote attackers to crash affected devices, or to temporarily block further network routing functionality. This will deny further network services to legitimate users. \nLinksys BEFW11S4 and WRT54GS devices are reportedly affected by this issue. Due to code reuse among devices, other devices may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-4257"
},
{
"db": "BID",
"id": "15861"
},
{
"db": "VULHUB",
"id": "VHN-15465"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "15861",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2005-4257",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200512-315",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-15465",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-15465"
},
{
"db": "BID",
"id": "15861"
},
{
"db": "NVD",
"id": "CVE-2005-4257"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-315"
}
]
},
"id": "VAR-200512-0266",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-15465"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:30:55.570000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-4257"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/15861"
},
{
"trust": 0.3,
"url": "http://www.linksys.com/products/group.asp?grid=23"
},
{
"trust": 0.3,
"url": "http://www.linksys.com/"
},
{
"trust": 0.3,
"url": "http://www.linksys.com/servlet/satellite?childpagename=us%2flayout\u0026packedargs=c%3dl_product_c2%26cid%3d1115416825841%26site%3dus\u0026pagename=linksys%2fcommon%2fvisitorwrapper"
},
{
"trust": 0.3,
"url": "/archive/1/419520"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-15465"
},
{
"db": "BID",
"id": "15861"
},
{
"db": "NVD",
"id": "CVE-2005-4257"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-315"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-15465"
},
{
"db": "BID",
"id": "15861"
},
{
"db": "NVD",
"id": "CVE-2005-4257"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-315"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-12-15T00:00:00",
"db": "VULHUB",
"id": "VHN-15465"
},
{
"date": "2005-12-14T00:00:00",
"db": "BID",
"id": "15861"
},
{
"date": "2005-12-15T11:03:00",
"db": "NVD",
"id": "CVE-2005-4257"
},
{
"date": "2005-12-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-315"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-15465"
},
{
"date": "2005-12-14T00:00:00",
"db": "BID",
"id": "15861"
},
{
"date": "2008-09-05T20:56:25.753000",
"db": "NVD",
"id": "CVE-2005-4257"
},
{
"date": "2005-12-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-315"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-315"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Various Linksys Router LanD Packet denial of service vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-315"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-315"
}
],
"trust": 0.6
}
}
VAR-200603-0053
Vulnerability from variot - Updated: 2023-12-18 12:47Linksys WRT54G routers version 5 (running VXWorks) allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for NAT environments, and as demonstrated via (1) a DCC SEND with a single long argument, or (2) a DCC SEND with IP, port, and filesize arguments with a 0 value. DCC SEND, or (2) a DCC SEND with an IP address, port, and file size parameter value of 0. Linksys and Netgear routers are susceptible to a remote IRC denial-of-service vulnerability. This issue is due to a failure of the devices to properly handle unexpected network traffic. This issue allows remote attackers to disconnect IRC sessions, denying service to legitimate users. Linksys WRT54G routers are vulnerable to this issue. Routers running with the VxWorks operating system, but not Linux-based operating systems, are reportedly affected. Specific device and firmware version information is not currently available. This BID will be updated as further information is disclosed
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200603-0053",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrt54g v5",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
},
{
"model": "wrt54g v5",
"scope": null,
"trust": 0.6,
"vendor": "linksys",
"version": null
},
{
"model": "wgt624",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "0"
},
{
"model": "rt314/rt311 gateway router",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "3.25"
},
{
"model": "rt314/rt311 gateway router",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "3.24"
},
{
"model": "rt314/rt311 gateway router",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "3.22"
},
{
"model": "rt-338",
"scope": null,
"trust": 0.3,
"vendor": "netgear",
"version": null
},
{
"model": "me102",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "1.4"
},
{
"model": "me102",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "1.3"
},
{
"model": "fvs318v2",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "2.4"
},
{
"model": "fvs318",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "2.4"
},
{
"model": "fvs318",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "1.3"
},
{
"model": "fvs318",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "1.2"
},
{
"model": "fvs318",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "1.1"
},
{
"model": "fvs318",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "1.0"
},
{
"model": "fm114p",
"scope": null,
"trust": 0.3,
"vendor": "netgear",
"version": null
},
{
"model": "dg834g",
"scope": null,
"trust": 0.3,
"vendor": "netgear",
"version": null
},
{
"model": "dg834 adsl firewall router",
"scope": null,
"trust": 0.3,
"vendor": "netgear",
"version": null
},
{
"model": "publisher 3f",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20021.40"
},
{
"model": "wrt54gs",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "4.70.6"
},
{
"model": "wrt54gs",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "4.50.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.04.20.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.04.0.7"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3.03.3.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3.03.1.3"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.4.4"
},
{
"model": "wrt54g beta",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.02.8"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.00.8"
},
{
"model": "wpc300n wireless-n notebook adapter",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "-4.100.15.5"
},
{
"model": "wap55ag",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.0.7"
},
{
"model": "wap11",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "2.2"
},
{
"model": "wap11",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.4"
},
{
"model": "wap11",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.3"
},
{
"model": "etherfast befw11s4 wireless ap cable/dsl router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "+1.42.7"
},
{
"model": "etherfast befw11s4 wireless ap cable/dsl router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "+1.40.3"
},
{
"model": "etherfast befw11s4 wireless ap cable/dsl router b",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "+1.37.9"
},
{
"model": "etherfast befw11s4 wireless ap cable/dsl router b",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "+1.37.2"
},
{
"model": "etherfast befw11s4 wireless ap cable/dsl router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "+1.37.2"
},
{
"model": "etherfast befvp41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.39.64"
},
{
"model": "etherfast befvp41 router",
"scope": null,
"trust": 0.3,
"vendor": "linksys",
"version": null
},
{
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.44"
},
{
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43.3"
},
{
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43"
},
{
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.7"
},
{
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.3"
},
{
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.41"
},
{
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.40.2"
},
{
"model": "etherfast befsr81 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "2.44"
},
{
"model": "etherfast befsr81 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "2.42.7"
},
{
"model": "etherfast befsr81 router",
"scope": null,
"trust": 0.3,
"vendor": "linksys",
"version": null
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.45.7"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.44"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43.3"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.7"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.3"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.41"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.40.2"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.39"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.38"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.37"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.36"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.35"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.05.00"
},
{
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.44"
},
{
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43.3"
},
{
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43"
},
{
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.7"
},
{
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.3"
},
{
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.41"
},
{
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.40.2"
},
{
"model": "etherfast befn2ps4 router",
"scope": null,
"trust": 0.3,
"vendor": "linksys",
"version": null
},
{
"model": "befw11s4",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v4"
},
{
"model": "befw11s4",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3"
},
{
"model": "befw11s4",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.44"
},
{
"model": "befw11s4",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43.3"
},
{
"model": "befw11s4",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.4.3"
},
{
"model": "befw11s4",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.4.2.7"
},
{
"model": "befvp41",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.7"
},
{
"model": "befvp41",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.40.4"
},
{
"model": "befvp41 .3f",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.40"
},
{
"model": "befsx41",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.45.3"
},
{
"model": "befsx41",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.44.3"
},
{
"model": "befsx41",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.44"
},
{
"model": "befsx41",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43.4"
},
{
"model": "befsx41",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43.3"
},
{
"model": "befsx41",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43"
},
{
"model": "befsx41",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.7"
},
{
"model": "befsr81",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3"
},
{
"model": "befsr81",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2"
},
{
"model": "befsr81",
"scope": null,
"trust": 0.3,
"vendor": "linksys",
"version": null
},
{
"model": "befsr41w",
"scope": null,
"trust": 0.3,
"vendor": "linksys",
"version": null
},
{
"model": "befsr41",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3"
},
{
"model": "befsr41",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2"
},
{
"model": "befsr41",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v1"
},
{
"model": "befn2ps4",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.7"
},
{
"model": "befcmu10",
"scope": null,
"trust": 0.3,
"vendor": "linksys",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wrt54g v5",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "ccdf0954-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2006-1318"
},
{
"db": "BID",
"id": "16954"
},
{
"db": "NVD",
"id": "CVE-2006-1067"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-107"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g_v5:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-1067"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ryanmeyer14@netscape.net discovered this issue. Both ryanmeyer14@netscape.net and \"Cade Cairns\" \u003ccairnsc@gmail.com\u003e disclosed this issue.",
"sources": [
{
"db": "BID",
"id": "16954"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-107"
}
],
"trust": 0.9
},
"cve": "CVE-2006-1067",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2006-1318",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "ccdf0954-2354-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-17175",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-1067",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2006-1318",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200603-107",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "ccdf0954-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-17175",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ccdf0954-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2006-1318"
},
{
"db": "VULHUB",
"id": "VHN-17175"
},
{
"db": "NVD",
"id": "CVE-2006-1067"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-107"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WRT54G routers version 5 (running VXWorks) allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for NAT environments, and as demonstrated via (1) a DCC SEND with a single long argument, or (2) a DCC SEND with IP, port, and filesize arguments with a 0 value. DCC SEND, or (2) a DCC SEND with an IP address, port, and file size parameter value of 0. Linksys and Netgear routers are susceptible to a remote IRC denial-of-service vulnerability. This issue is due to a failure of the devices to properly handle unexpected network traffic. \nThis issue allows remote attackers to disconnect IRC sessions, denying service to legitimate users. \nLinksys WRT54G routers are vulnerable to this issue. Routers running with the VxWorks operating system, but not Linux-based operating systems, are reportedly affected. Specific device and firmware version information is not currently available. This BID will be updated as further information is disclosed",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-1067"
},
{
"db": "CNVD",
"id": "CNVD-2006-1318"
},
{
"db": "BID",
"id": "16954"
},
{
"db": "IVD",
"id": "ccdf0954-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-17175"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-1067",
"trust": 2.8
},
{
"db": "BID",
"id": "16954",
"trust": 2.6
},
{
"db": "BUGTRAQ",
"id": "20060306 RE: LINKSYS ROUTER + IRC DOS",
"trust": 1.2
},
{
"db": "CNNVD",
"id": "CNNVD-200603-107",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2006-1318",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20060304 VARIOUS ROUTER DOS",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060303 LINKSYS ROUTER + IRC DOS",
"trust": 0.6
},
{
"db": "XF",
"id": "25230",
"trust": 0.6
},
{
"db": "IVD",
"id": "CCDF0954-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-17175",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "ccdf0954-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2006-1318"
},
{
"db": "VULHUB",
"id": "VHN-17175"
},
{
"db": "BID",
"id": "16954"
},
{
"db": "NVD",
"id": "CVE-2006-1067"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-107"
}
]
},
"id": "VAR-200603-0053",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ccdf0954-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2006-1318"
},
{
"db": "VULHUB",
"id": "VHN-17175"
}
],
"trust": 1.5009907
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "ccdf0954-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2006-1318"
}
]
},
"last_update_date": "2023-12-18T12:47:09.542000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-1067"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/16954"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/426863/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.hm2k.org/news/1141413208.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/426761/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/426756/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/426934/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25230"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/426934/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/426761/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/426756/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/25230"
},
{
"trust": 0.3,
"url": "http://www.linksys.com/"
},
{
"trust": 0.3,
"url": "http://www.netgear.com/support_main.asp"
},
{
"trust": 0.3,
"url": "http://www.linksys.com/products/product.asp?prid=508\u0026scid=35"
},
{
"trust": 0.3,
"url": "/archive/1/426761"
},
{
"trust": 0.3,
"url": "/archive/1/426756"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-1318"
},
{
"db": "VULHUB",
"id": "VHN-17175"
},
{
"db": "BID",
"id": "16954"
},
{
"db": "NVD",
"id": "CVE-2006-1067"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-107"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ccdf0954-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2006-1318"
},
{
"db": "VULHUB",
"id": "VHN-17175"
},
{
"db": "BID",
"id": "16954"
},
{
"db": "NVD",
"id": "CVE-2006-1067"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-107"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-03-07T00:00:00",
"db": "IVD",
"id": "ccdf0954-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2006-03-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-1318"
},
{
"date": "2006-03-07T00:00:00",
"db": "VULHUB",
"id": "VHN-17175"
},
{
"date": "2006-03-04T00:00:00",
"db": "BID",
"id": "16954"
},
{
"date": "2006-03-07T22:06:00",
"db": "NVD",
"id": "CVE-2006-1067"
},
{
"date": "2006-03-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200603-107"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-03-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-1318"
},
{
"date": "2018-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-17175"
},
{
"date": "2016-07-06T14:40:00",
"db": "BID",
"id": "16954"
},
{
"date": "2018-10-18T16:30:32.073000",
"db": "NVD",
"id": "CVE-2006-1067"
},
{
"date": "2006-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200603-107"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200603-107"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WRT54G Multiple router denial of service vulnerability",
"sources": [
{
"db": "IVD",
"id": "ccdf0954-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2006-1318"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "ccdf0954-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-107"
}
],
"trust": 0.8
}
}
VAR-201111-0178
Vulnerability from variot - Updated: 2023-12-18 12:09The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. The Portable SDK for UPnP Devices libupnp library contains multiple buffer overflow vulnerabilities. Devices that use libupnp may also accept UPnP queries over the WAN interface, therefore exposing the vulnerabilities to the internet. Universal Plug and Play (UPnP) Multiple compatible routers have vulnerabilities with insufficient access restrictions. UPnP For supported routers, WAN Unintended from the side interface UPnP There is a vulnerability that allows the request to be accepted.An unauthenticated remote third party could obtain local network information or use the product as a proxy. Universal Plug and Play (UPnP) is a network protocol that is mostly used for personal computer device discovery and communication with other devices and the Internet. These requests can be used to connect to the internal host or proxy connection of the NAT firewall. Remote unauthenticated attackers can exploit vulnerabilities to scan internal hosts or communicate via the device proxy Internet. The following devices are affected: Cisco Linksys WRT54G firmware version prior to 4.30.5 Cisco Linksys WRT54GS v1 through v3 firmware versions prior to 4.71.1 Cisco Linksys WRT54GS v4 firmware versions prior to 1.06.1 Cisco Linksys WRT54GX firmware 2.00.05 Edimax BR-6104K prior to 3.25 Edimax 6114Wg Canyon-Tech CN-WF512 firmware version 1.83 Canyon-Tech CN-WF514 firmware version 2.08 Sitecom WL-153 prior to firmware 1.39 Sitecom WL-111 Sweex LB000021 firmware version 3.15 ZyXEL P-330W SpeedTouch 5x6 firmware versions prior to 6.2.29 Thomson TG585 firmware versions prior to 7.4.3.2. A vulnerability exists in the UPnP IGD installation and enablement of multiple versions of the Broadcom UPnP stack on the Cisco Linksys WRT54G. This vulnerability is related to the "external forwarding" vulnerability. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
TITLE: Siemens OZW / OZS Multiple Products libupnp Buffer Overflow Vulnerabilities
SECUNIA ADVISORY ID: SA52035
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/52035/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=52035
RELEASE DATE: 2013-01-31
DISCUSS ADVISORY: http://secunia.com/advisories/52035/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/52035/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=52035
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in multiple Siemens OZW and OZS products, which can be exploited by malicious people to compromise a vulnerable device.
1) Multiple vulnerabilities are caused due to a bundled version of libupnp.
For more information: SA51949
2) Multiple boundary errors within the "unique_service_name()" function (ssdp/ssdp_ctrlpt.c) in libupnp when handling SSDP requests can be exploited to cause stack-based buffer overflows. The vendor is planning to provide fixes with upcoming firmware updates.
PROVIDED AND/OR DISCOVERED BY: 2) Rapid7
ORIGINAL ADVISORY: Siemens SSA-963338: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf
Rapid7: https://community.rapid7.com/docs/DOC-2150 https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. This library is used in several vendor network devices in addition to media streaming and file sharing applications. These vulnerabilities were disclosed on January 29th, 2013 in a CERT Vulnerability Note, VU#922681, which can be viewed at:
http://www.kb.cert.org/vuls/id/922681
Cisco is currently evaluating products for possible exposure to these vulnerabilities. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iF4EAREIAAYFAlEIJZ8ACgkQUddfH3/BbTrUagD9FnKSVkc2iIfGs+7c8SVPT26+ ga5hYEz9UMUnitcqnbcBAIKe6KnkR6he2zbstVtbTKtqSjE7pfVb3lTKVZSeAkM5 =6sTu -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201111-0178",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linksys wrt54gs router",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.09.1"
},
{
"model": "linksys wrt54g router",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.03.9"
},
{
"model": "linksys wrt54g router",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.20.7"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "2.2"
},
{
"model": "wrt54gs",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "1.0"
},
{
"model": "wrt54gs",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "3.0"
},
{
"model": "linksys wrt54gs router",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.06"
},
{
"model": "wrt54gs",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "4.0"
},
{
"model": "wrt54gs",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "2.0"
},
{
"model": "linksys wrt54gs router",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.70.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "*"
},
{
"model": "linksys wrt54g router",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.20.8"
},
{
"model": "br-6104k",
"scope": "eq",
"trust": 0.9,
"vendor": "edimax",
"version": "0"
},
{
"model": "6114wg",
"scope": "eq",
"trust": 0.9,
"vendor": "edimax",
"version": "0"
},
{
"model": "cn-wf514",
"scope": "eq",
"trust": 0.9,
"vendor": "canyon tech",
"version": "2.08"
},
{
"model": "cn-wf512",
"scope": "eq",
"trust": 0.9,
"vendor": "canyon tech",
"version": "1.83"
},
{
"model": "p-330w",
"scope": "eq",
"trust": 0.9,
"vendor": "zyxel",
"version": "0"
},
{
"model": "tg585 router",
"scope": "eq",
"trust": 0.9,
"vendor": "thomson",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.9,
"vendor": "speedtouch",
"version": "5x60"
},
{
"model": "wl-153",
"scope": "eq",
"trust": 0.9,
"vendor": "sitcom",
"version": "0"
},
{
"model": "wl-111",
"scope": "eq",
"trust": 0.9,
"vendor": "sitcom",
"version": "0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "canyon tech",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "edimax computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "linksys a division of cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sitecom",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sweex",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "technicolor",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "axis",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "linksys",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sony",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ipitomy",
"version": null
},
{
"model": "linksys wrt54g router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "linksys wrt54gs router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "wrt54g",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco linksys",
"version": "firmware 4.30.5"
},
{
"model": "wrt54gs",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco linksys",
"version": "v1 from v3 firmware 4.71.1"
},
{
"model": "wrt54gs",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco linksys",
"version": "v4 firmware 1.06.1"
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "wrt54g beta/2.0",
"scope": "eq",
"trust": 0.6,
"vendor": "linksys",
"version": "4.04.20.6/4.04.0.7/3.03.3.6/3.03.1.3/2.02.4.4/2.02.02.82.00.8"
},
{
"model": "linksys wrt54gs router",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4.70.6"
},
{
"model": "linksys wrt54g router",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4.20.8"
},
{
"model": "linksys wrt54gs router",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.06"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.04.20.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.04.0.7"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3.03.3.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3.03.1.3"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.4.4"
},
{
"model": "wrt54g beta",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.02.8"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.00.8"
},
{
"model": "tg585 router",
"scope": "ne",
"trust": 0.3,
"vendor": "thomson",
"version": "7.4.3.2"
},
{
"model": null,
"scope": "ne",
"trust": 0.3,
"vendor": "speedtouch",
"version": "5x66.2.29"
},
{
"model": "wl-153",
"scope": "ne",
"trust": 0.3,
"vendor": "sitcom",
"version": "1.39"
},
{
"model": "wrt54g",
"scope": "ne",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.01.0.6"
},
{
"model": "br-6104k",
"scope": "ne",
"trust": 0.3,
"vendor": "edimax",
"version": "3.25"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5053"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003029"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "NVD",
"id": "CVE-2011-4499"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-361"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:linksys_wrt54g_router_firmware:3.03.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:linksys_wrt54g_router_firmware:4.20.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:linksys_wrt54g_router_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.20.8",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:linksys_wrt54gs_router_firmware:2.09.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:linksys_wrt54gs_router_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.70.6",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54gs:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54gs:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54gs:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:linksys_wrt54gs_router_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54gs:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4499"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Daniel Garcia",
"sources": [
{
"db": "BID",
"id": "50810"
}
],
"trust": 0.3
},
"cve": "CVE-2011-4499",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CARNEGIE MELLON",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 9.4,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 8.0,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 10.0,
"id": "VU#357851",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "NOT DEFINED",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2011-4499",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-52444",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4499",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#357851",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201111-361",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-52444",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "VULHUB",
"id": "VHN-52444"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003029"
},
{
"db": "NVD",
"id": "CVE-2011-4499"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-361"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an \"external forwarding\" vulnerability. The Portable SDK for UPnP Devices libupnp library contains multiple buffer overflow vulnerabilities. Devices that use libupnp may also accept UPnP queries over the WAN interface, therefore exposing the vulnerabilities to the internet. Universal Plug and Play (UPnP) Multiple compatible routers have vulnerabilities with insufficient access restrictions. UPnP For supported routers, WAN Unintended from the side interface UPnP There is a vulnerability that allows the request to be accepted.An unauthenticated remote third party could obtain local network information or use the product as a proxy. Universal Plug and Play (UPnP) is a network protocol that is mostly used for personal computer device discovery and communication with other devices and the Internet. These requests can be used to connect to the internal host or proxy connection of the NAT firewall. Remote unauthenticated attackers can exploit vulnerabilities to scan internal hosts or communicate via the device proxy Internet. \nThe following devices are affected:\nCisco Linksys WRT54G firmware version prior to 4.30.5\nCisco Linksys WRT54GS v1 through v3 firmware versions prior to 4.71.1\nCisco Linksys WRT54GS v4 firmware versions prior to 1.06.1\nCisco Linksys WRT54GX firmware 2.00.05\nEdimax BR-6104K prior to 3.25\nEdimax 6114Wg\nCanyon-Tech CN-WF512 firmware version 1.83\nCanyon-Tech CN-WF514 firmware version 2.08\nSitecom WL-153 prior to firmware 1.39\nSitecom WL-111\nSweex LB000021 firmware version 3.15\nZyXEL P-330W\nSpeedTouch 5x6 firmware versions prior to 6.2.29\nThomson TG585 firmware versions prior to 7.4.3.2. A vulnerability exists in the UPnP IGD installation and enablement of multiple versions of the Broadcom UPnP stack on the Cisco Linksys WRT54G. This vulnerability is related to the \"external forwarding\" vulnerability. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens OZW / OZS Multiple Products libupnp Buffer Overflow\nVulnerabilities\n\nSECUNIA ADVISORY ID:\nSA52035\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/52035/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52035\n\nRELEASE DATE:\n2013-01-31\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/52035/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/52035/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52035\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in multiple Siemens OZW\nand OZS products, which can be exploited by malicious people to\ncompromise a vulnerable device. \n\n1) Multiple vulnerabilities are caused due to a bundled version of\nlibupnp. \n\nFor more information:\nSA51949\n\n2) Multiple boundary errors within the \"unique_service_name()\"\nfunction (ssdp/ssdp_ctrlpt.c) in libupnp when handling SSDP requests\ncan be exploited to cause stack-based buffer overflows. The vendor is planning\nto provide fixes with upcoming firmware updates. \n\nPROVIDED AND/OR DISCOVERED BY:\n2) Rapid7\n\nORIGINAL ADVISORY:\nSiemens SSA-963338:\nhttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf\n\nRapid7:\nhttps://community.rapid7.com/docs/DOC-2150\nhttps://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. This library is used in several vendor network\ndevices in addition to media streaming and file sharing applications. \nThese vulnerabilities were disclosed on January 29th, 2013 in a CERT\nVulnerability Note, VU#922681, which can be viewed at:\n\nhttp://www.kb.cert.org/vuls/id/922681\n\nCisco is currently evaluating products for possible exposure to these\nvulnerabilities. This advisory is available at the following link:\n\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niF4EAREIAAYFAlEIJZ8ACgkQUddfH3/BbTrUagD9FnKSVkc2iIfGs+7c8SVPT26+\nga5hYEz9UMUnitcqnbcBAIKe6KnkR6he2zbstVtbTKtqSjE7pfVb3lTKVZSeAkM5\n=6sTu\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4499"
},
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003029"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "CNVD",
"id": "CNVD-2011-5053"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "VULHUB",
"id": "VHN-52444"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
}
],
"trust": 4.86
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#357851",
"trust": 5.8
},
{
"db": "NVD",
"id": "CVE-2011-4499",
"trust": 3.4
},
{
"db": "SIEMENS",
"id": "SSA-963338",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#922681",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003029",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-5053",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "18224",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201111-361",
"trust": 0.6
},
{
"db": "BID",
"id": "50810",
"trust": 0.3
},
{
"db": "SECUNIA",
"id": "52035",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-52444",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "119949",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "119896",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5053"
},
{
"db": "VULHUB",
"id": "VHN-52444"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003029"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
},
{
"db": "NVD",
"id": "CVE-2011-4499"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-361"
}
]
},
"id": "VAR-201111-0178",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5053"
},
{
"db": "VULHUB",
"id": "VHN-52444"
}
],
"trust": 1.4788191
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5053"
}
]
},
"last_update_date": "2023-12-18T12:09:30.055000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.cisco.com/"
},
{
"title": "Patch for Multiple Routers UPnP WAN Interface Remote Unauthorized Access Vulnerability (CNVD-2011-5053)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/6023"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5053"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003029"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-16",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52444"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003029"
},
{
"db": "NVD",
"id": "CVE-2011-4499"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.4,
"url": "http://www.kb.cert.org/vuls/id/357851"
},
{
"trust": 2.8,
"url": "http://www.upnp-hacks.org/devices.html"
},
{
"trust": 1.6,
"url": "http://homekb.cisco.com/cisco2/ukp.aspx?vw=1\u0026articleid=28341"
},
{
"trust": 1.6,
"url": "http://jvn.jp/cert/jvnvu357851"
},
{
"trust": 0.9,
"url": "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play"
},
{
"trust": 0.9,
"url": "https://community.rapid7.com/docs/doc-2150"
},
{
"trust": 0.9,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf"
},
{
"trust": 0.8,
"url": "http://toor.do/upnp.html"
},
{
"trust": 0.8,
"url": "http://www.h-online.com/security/news/item/upnp-enabled-routers-allow-attacks-on-lans-1329727.html"
},
{
"trust": 0.8,
"url": "http://toor.do/defcon-19-garcia-upnp-mapping-wp.pdf"
},
{
"trust": 0.8,
"url": "http://pupnp.sourceforge.net/"
},
{
"trust": 0.8,
"url": "https://community.rapid7.com/servlet/jiveservlet/download/2150-1-16596/securityflawsupnp.pdf"
},
{
"trust": 0.8,
"url": "http://www.rapid7.com/resources/free-security-software-downloads/universal-plug-and-play-jan-2013.jsp"
},
{
"trust": 0.8,
"url": "http://opentools.homeip.net/dev-tools-for-upnp"
},
{
"trust": 0.8,
"url": "http://upnp.sourceforge.net/"
},
{
"trust": 0.8,
"url": "http://www.dlink.com/us/en/technology/upnp"
},
{
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv13-003.html"
},
{
"trust": 0.8,
"url": "http://www.ipitomy.com/index.php/mi-security-notice-ip001"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4499"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4499"
},
{
"trust": 0.6,
"url": "http://www.kb.cert.org/vuls/id/357851http"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/18224"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/52035/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52035"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/52035/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/blog/325/"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130129-upnp"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/922681"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5053"
},
{
"db": "VULHUB",
"id": "VHN-52444"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003029"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
},
{
"db": "NVD",
"id": "CVE-2011-4499"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-361"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5053"
},
{
"db": "VULHUB",
"id": "VHN-52444"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003029"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
},
{
"db": "NVD",
"id": "CVE-2011-4499"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-361"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-10-05T00:00:00",
"db": "CERT/CC",
"id": "VU#357851"
},
{
"date": "2013-01-29T00:00:00",
"db": "CERT/CC",
"id": "VU#922681"
},
{
"date": "2011-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5053"
},
{
"date": "2011-11-22T00:00:00",
"db": "VULHUB",
"id": "VHN-52444"
},
{
"date": "2011-11-24T00:00:00",
"db": "BID",
"id": "50810"
},
{
"date": "2011-11-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003029"
},
{
"date": "2011-10-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"date": "2013-01-31T07:26:31",
"db": "PACKETSTORM",
"id": "119949"
},
{
"date": "2013-01-30T02:46:44",
"db": "PACKETSTORM",
"id": "119896"
},
{
"date": "2011-11-22T11:55:04.683000",
"db": "NVD",
"id": "CVE-2011-4499"
},
{
"date": "2011-11-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-361"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-11-30T00:00:00",
"db": "CERT/CC",
"id": "VU#357851"
},
{
"date": "2014-07-30T00:00:00",
"db": "CERT/CC",
"id": "VU#922681"
},
{
"date": "2011-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5053"
},
{
"date": "2012-03-09T00:00:00",
"db": "VULHUB",
"id": "VHN-52444"
},
{
"date": "2015-03-19T08:33:00",
"db": "BID",
"id": "50810"
},
{
"date": "2011-11-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003029"
},
{
"date": "2011-10-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"date": "2012-03-09T05:00:00",
"db": "NVD",
"id": "CVE-2011-4499"
},
{
"date": "2011-11-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-361"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-361"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "UPnP requests accepted over router WAN interfaces",
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "configuration error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-361"
}
],
"trust": 0.6
}
}
FKIE_CVE-2011-4499
Vulnerability from fkie_nvd - Published: 2011-11-22 11:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | linksys_wrt54g_router_firmware | * | |
| cisco | linksys_wrt54g_router_firmware | 3.03.9 | |
| cisco | linksys_wrt54g_router_firmware | 4.20.7 | |
| linksys | wrt54g | * | |
| linksys | wrt54g | 2.2 | |
| cisco | linksys_wrt54gs_router_firmware | * | |
| cisco | linksys_wrt54gs_router_firmware | 2.09.1 | |
| linksys | wrt54gs | 1.0 | |
| linksys | wrt54gs | 2.0 | |
| linksys | wrt54gs | 3.0 | |
| cisco | linksys_wrt54gs_router_firmware | * | |
| linksys | wrt54gs | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:linksys_wrt54g_router_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07169C87-D8A2-43A0-8F36-7307F8A53586",
"versionEndIncluding": "4.20.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:linksys_wrt54g_router_firmware:3.03.9:*:*:*:*:*:*:*",
"matchCriteriaId": "31F69390-77E1-4122-8869-0D09F482F21A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:linksys_wrt54g_router_firmware:4.20.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CDCDBCE4-FC0D-4328-AC1D-97E45A222B31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:wrt54g:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBBECE9D-7805-4521-A0B1-15F2755312B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:linksys:wrt54g:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C838786E-835E-42C9-A02E-90E29911280E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:linksys_wrt54gs_router_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5EEE41-55BF-40CE-A0EB-1D83CC1B1340",
"versionEndIncluding": "4.70.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:linksys_wrt54gs_router_firmware:2.09.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D58336D-0F52-46B4-B14D-490D1722CA66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:wrt54gs:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2D6094DD-5683-42F8-B19A-899D8728F3D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:linksys:wrt54gs:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B90EA29-14A0-412C-B375-80F72FF0E50C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:linksys:wrt54gs:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA3BD04C-B77D-4CF0-8EB8-9BDF2513C061",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:linksys_wrt54gs_router_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4582AD75-3093-443A-8770-F540A83E4B6A",
"versionEndIncluding": "1.06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:wrt54gs:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1E9C1BA7-E192-4E61-B500-4F6C8FFA82A8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an \"external forwarding\" vulnerability."
},
{
"lang": "es",
"value": "La implementaci\u00f3n de IGD UPnP de la pila UPnP Broadcom de Cisco Linksys WRT54G con firmware anterior a 4.30.5, de WRT54GS v1 hasta la versi\u00f3n v3 con firmware anterior a 4.71.1 y Wde RT54GS v4 con firmware anterior a 1.06.1 permite a atacantes remotos establecer \"mappings\" a puertos arbitrarios enviando una acci\u00f3n UPnP AddPortMapping en una petici\u00f3n SOAP a un interfaz WAN. Relacionado con una vulnerabilidad de \"direccionamiento externo\" (\"external forwarding\")."
}
],
"id": "CVE-2011-4499",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-11-22T11:55:04.683",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/357851"
},
{
"source": "cve@mitre.org",
"url": "http://www.upnp-hacks.org/devices.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/357851"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.upnp-hacks.org/devices.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-4257
Vulnerability from fkie_nvd - Published: 2005-12-15 11:03 - Updated: 2025-04-03 01:03
Severity ?
Summary
Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:befw11s4:1.4.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "42622989-F386-4C7F-8F64-7C792075D980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:linksys:befw11s4:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4F83131C-CE9B-4695-BF3D-A8D2C1AC7F00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:linksys:befw11s4:1.43.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CF81DAA9-0925-4BEB-B8B0-1B4BB075DBE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:linksys:befw11s4:1.44:*:*:*:*:*:*:*",
"matchCriteriaId": "AAD7A2F3-5720-4BB6-BC2C-DF1073A58F2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:linksys:befw11s4_v3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F86E88C1-8695-4836-BADA-D3F25F6DFF18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:linksys:befw11s4_v4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78BE65FC-259C-4AF2-AA4D-05F222BC7999",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:linksys:wrt54gs:4.50.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9761BB51-0CF6-45BE-9DF2-8953AB32CFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:linksys:wrt54gs:4.70.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1CDA3F-F8BB-4B4E-BFAE-2E091A308CE7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID."
},
{
"lang": "es",
"value": "Linksys WRT54GS y BEFW11S4 permiten a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de dispositivo) mediante un paquete IP con los mismos IPs y puertos de origen y destino, y con la bandera SYN establecida (tcc LAND). NOTA: La proveniencia de esta cuesti\u00f3n es desconocida, los detalles son obtenidos exclusivamente de BID."
}
],
"id": "CVE-2005-4257",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-15T11:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/15861"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/15861"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-2589
Vulnerability from fkie_nvd - Published: 2005-08-17 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Unknown vulnerability in Linksys WRT54GS wireless router with firmware 4.50.6, with WPA Personal/TKIP authentication enabled, allows remote clients to bypass authentication by connecting without using encryption.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:wrt54gs:4.50.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9761BB51-0CF6-45BE-9DF2-8953AB32CFA5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in Linksys WRT54GS wireless router with firmware 4.50.6, with WPA Personal/TKIP authentication enabled, allows remote clients to bypass authentication by connecting without using encryption."
}
],
"id": "CVE-2005-2589",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-08-17T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/16457"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1014721"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/408161"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/14566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1014721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/408161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/14566"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2011-4499 (GCVE-0-2011-4499)
Vulnerability from cvelistv5 – Published: 2011-11-22 11:00 – Updated: 2024-09-17 02:33
VLAI?
Summary
The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.upnp-hacks.org/devices.html"
},
{
"name": "VU#357851",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/357851"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an \"external forwarding\" vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-11-22T11:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.upnp-hacks.org/devices.html"
},
{
"name": "VU#357851",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/357851"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an \"external forwarding\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.upnp-hacks.org/devices.html",
"refsource": "MISC",
"url": "http://www.upnp-hacks.org/devices.html"
},
{
"name": "VU#357851",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/357851"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4499",
"datePublished": "2011-11-22T11:00:00Z",
"dateReserved": "2011-11-22T00:00:00Z",
"dateUpdated": "2024-09-17T02:33:03.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4257 (GCVE-0-2005-4257)
Vulnerability from cvelistv5 – Published: 2005-12-15 11:00 – Updated: 2024-09-17 03:27
VLAI?
Summary
Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:38:51.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15861",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15861"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-12-15T11:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "15861",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15861"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15861",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15861"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4257",
"datePublished": "2005-12-15T11:00:00Z",
"dateReserved": "2005-12-15T00:00:00Z",
"dateUpdated": "2024-09-17T03:27:43.131Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2589 (GCVE-0-2005-2589)
Vulnerability from cvelistv5 – Published: 2005-08-17 04:00 – Updated: 2024-08-07 22:30
VLAI?
Summary
Unknown vulnerability in Linksys WRT54GS wireless router with firmware 4.50.6, with WPA Personal/TKIP authentication enabled, allows remote clients to bypass authentication by connecting without using encryption.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:30:01.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14566",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14566"
},
{
"name": "1014721",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014721"
},
{
"name": "20050815 Serious flaw in Linksys wireless AP password security",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/408161"
},
{
"name": "16457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16457"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in Linksys WRT54GS wireless router with firmware 4.50.6, with WPA Personal/TKIP authentication enabled, allows remote clients to bypass authentication by connecting without using encryption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-17T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14566",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14566"
},
{
"name": "1014721",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014721"
},
{
"name": "20050815 Serious flaw in Linksys wireless AP password security",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/408161"
},
{
"name": "16457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16457"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in Linksys WRT54GS wireless router with firmware 4.50.6, with WPA Personal/TKIP authentication enabled, allows remote clients to bypass authentication by connecting without using encryption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14566",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14566"
},
{
"name": "1014721",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014721"
},
{
"name": "20050815 Serious flaw in Linksys wireless AP password security",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/408161"
},
{
"name": "16457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16457"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2589",
"datePublished": "2005-08-17T04:00:00",
"dateReserved": "2005-08-17T00:00:00",
"dateUpdated": "2024-08-07T22:30:01.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4499 (GCVE-0-2011-4499)
Vulnerability from nvd – Published: 2011-11-22 11:00 – Updated: 2024-09-17 02:33
VLAI?
Summary
The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.upnp-hacks.org/devices.html"
},
{
"name": "VU#357851",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/357851"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an \"external forwarding\" vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-11-22T11:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.upnp-hacks.org/devices.html"
},
{
"name": "VU#357851",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/357851"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an \"external forwarding\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.upnp-hacks.org/devices.html",
"refsource": "MISC",
"url": "http://www.upnp-hacks.org/devices.html"
},
{
"name": "VU#357851",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/357851"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4499",
"datePublished": "2011-11-22T11:00:00Z",
"dateReserved": "2011-11-22T00:00:00Z",
"dateUpdated": "2024-09-17T02:33:03.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4257 (GCVE-0-2005-4257)
Vulnerability from nvd – Published: 2005-12-15 11:00 – Updated: 2024-09-17 03:27
VLAI?
Summary
Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:38:51.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15861",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15861"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-12-15T11:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "15861",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15861"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15861",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15861"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4257",
"datePublished": "2005-12-15T11:00:00Z",
"dateReserved": "2005-12-15T00:00:00Z",
"dateUpdated": "2024-09-17T03:27:43.131Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2589 (GCVE-0-2005-2589)
Vulnerability from nvd – Published: 2005-08-17 04:00 – Updated: 2024-08-07 22:30
VLAI?
Summary
Unknown vulnerability in Linksys WRT54GS wireless router with firmware 4.50.6, with WPA Personal/TKIP authentication enabled, allows remote clients to bypass authentication by connecting without using encryption.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:30:01.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14566",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14566"
},
{
"name": "1014721",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014721"
},
{
"name": "20050815 Serious flaw in Linksys wireless AP password security",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/408161"
},
{
"name": "16457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16457"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in Linksys WRT54GS wireless router with firmware 4.50.6, with WPA Personal/TKIP authentication enabled, allows remote clients to bypass authentication by connecting without using encryption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-17T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14566",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14566"
},
{
"name": "1014721",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014721"
},
{
"name": "20050815 Serious flaw in Linksys wireless AP password security",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/408161"
},
{
"name": "16457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16457"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in Linksys WRT54GS wireless router with firmware 4.50.6, with WPA Personal/TKIP authentication enabled, allows remote clients to bypass authentication by connecting without using encryption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14566",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14566"
},
{
"name": "1014721",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014721"
},
{
"name": "20050815 Serious flaw in Linksys wireless AP password security",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/408161"
},
{
"name": "16457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16457"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2589",
"datePublished": "2005-08-17T04:00:00",
"dateReserved": "2005-08-17T00:00:00",
"dateUpdated": "2024-08-07T22:30:01.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}