CVE-2011-4499
Cisco Linksys WRT54G and WRT54GS - Unauthenticated Arbitrary Port Mapping via UPnP AddPortMapping Action
Title source: llmDescription
The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.
References (2)
Core 2
Core References
Various Sources x_refsource_misc
http://www.upnp-hacks.org/devices.html
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/357851
Scores
EPSS
0.0047
EPSS Percentile
65.0%
Details
CWE
CWE-16
Status
published
Products (11)
cisco/linksys_wrt54g_router_firmware
3.03.9
cisco/linksys_wrt54g_router_firmware
4.20.7
cisco/linksys_wrt54g_router_firmware
< 4.20.8
cisco/linksys_wrt54gs_router_firmware
2.09.1
cisco/linksys_wrt54gs_router_firmware
< 4.70.6
linksys/wrt54g
linksys/wrt54g
2.2
linksys/wrt54gs
1.0
linksys/wrt54gs
2.0
linksys/wrt54gs
3.0
... and 1 more
Published
Nov 22, 2011
Tracked Since
Feb 18, 2026