Sitecom WL-153 router firmware before 1.38 allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic.
References
Link | Resource |
---|---|
http://secunia.com/advisories/20183 | Vendor Advisory |
http://www.securityview.org/dutch-student-finds-a-bug-in-upnp.html | URL Repurposed |
http://www.securityview.org/how-does-the-upnp-flaw-works.html | URL Repurposed |
http://www.vupen.com/english/advisories/2006/1912 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2006-05-24T01:00:00
Updated: 2009-02-26T10:00:00
Reserved: 2006-05-23T00:00:00
Link: CVE-2006-2560
JSON object: View
NVD Information
Status : Analyzed
Published: 2006-05-24T01:02:00.000
Modified: 2024-02-14T01:17:43.863
Link: CVE-2006-2560
JSON object: View
Redhat Information
No data.
CWE