CVE-2011-4500 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

The UPnP IGD implementation on the Cisco Linksys WRT54GX with firmware 2.00.05, when UPnP is enabled, configures the SOAP server to listen on the WAN port, which allows remote attackers to administer the firewall via SOAP requests.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Cisco	Linksys Wrt54Gx Router Firmware	2.00.05
Linksys	Wrt54Gx	2.0

Related Weaknesses (CWE)

CWE-16

References

http://www.kb.cert.org/vuls/id/357851US Government Resource
http://www.upnp-hacks.org/devices.html
http://www.kb.cert.org/vuls/id/357851US Government Resource
http://www.upnp-hacks.org/devices.html

FAQ

What is CVE-2011-4500?

CVE-2011-4500 is a vulnerability with a CVSS score of 7.5 (HIGH). The UPnP IGD implementation on the Cisco Linksys WRT54GX with firmware 2.00.05, when UPnP is enabled, configures the SOAP server to listen on the WAN port, which allows remote attackers to administer ...

How severe is CVE-2011-4500?

CVE-2011-4500 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-4500?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Linksys Wrt54Gx Router Firmware, Linksys Wrt54Gx.