7.5

CVE-2006-2559

Linksys WRT54G Wireless-G Broadband Router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinksysWrt54g Version1.42.3
LinksysWrt54g Version2.00.8
LinksysWrt54g Version2.02.7
LinksysWrt54g Version2.04.4
LinksysWrt54g Version2.04.4_non_default
LinksysWrt54g Version3.01.3
LinksysWrt54g Version3.03.6
LinksysWrt54g Version4.00.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.7% 0.743
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/20161
Patch
Vendor Advisory
http://securitytracker.com/id?1016134
http://www.securityview.org/dutch-student-finds-a-bug-in-upnp.html
URL Repurposed
http://www.securityview.org/how-does-the-upnp-flaw-works.html
URL Repurposed
http://www.vupen.com/english/advisories/2006/1909
https://exchange.xforce.ibmcloud.com/vulnerabilities/26707