CVE-2011-4499

high

Cisco

CVSS v3 Base Score

7.5

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS Score

0.5%

Exploitation probability in 30 days

Top 35% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Confidentiality

Integrity

Availability

Published: November 22, 2011 (5287 days ago)

Last Modified: April 29, 2026

Vendor: Cisco

Source: NVD

Description

The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.

CWE

CWE-16

Affected Products

cisco linksys wrt54g router firmwarelinksys wrt54gcisco linksys wrt54gs router firmwarelinksys wrt54gs

References

🔗 www.kb.cert.org 🔗 www.upnp-hacks.org 🔗 www.kb.cert.org 🔗 www.upnp-hacks.org

CVE-2011-4499

Vulnerability Report

Description

CWE

Affected Products

References