CVE-2006-2559
Linksys WRT54G - Unauthenticated Access Bypass via UPnP InternalClient Parameter
Title source: llmDescription
Linksys WRT54G Wireless-G Broadband Router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/26707
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/20161
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1016134
URL Repurposed x_refsource_misc
http://www.securityview.org/how-does-the-upnp-flaw-works.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1909
URL Repurposed x_refsource_misc
http://www.securityview.org/dutch-student-finds-a-bug-in-upnp.html
Scores
EPSS
0.0055
EPSS Percentile
68.2%
Details
Status
published
Products (9)
linksys/wrt54g
1.42.3
linksys/wrt54g
2.00.8
linksys/wrt54g
2.02.7
linksys/wrt54g
2.04.4
linksys/wrt54g
2.04.4_non_default
linksys/wrt54g
3.01.3
linksys/wrt54g
3.03.6
linksys/wrt54g
4.00.7
linksys/wrt54g_v5
Published
May 24, 2006
Tracked Since
Feb 18, 2026