CVE-2011-4502 - OpenCVE

The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to execute arbitrary commands via shell metacharacters.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Sweex	Lb000021 Router Firmware Lb000021
Canyon-tech	Cn-wf512 Router Firmware Cn-wf512 Cn-wf514 Cn-wf514 Router Firmware
Edimax	6114wg Router Firmware Br-6104k Br-6104k Router Firmware 6114wg
Sitecom	Wl-153 Wl-153 Router Firmware

Configuration 1 [-]

AND

cpe:2.3:o:edimax:br-6104k_router_firmware:3.21:*:*:*:*:*:*:*

cpe:2.3:h:edimax:br-6104k:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:canyon-tech:cn-wf512_router_firmware:1.83:::::::*
	cpe:2.3:o:canyon-tech:cn-wf514_router_firmware:2.08:::::::*

OR	cpe:2.3:h:canyon-tech:cn-wf512:-:::::::*
	cpe:2.3:h:canyon-tech:cn-wf514:-:::::::*

Configuration 3 [-]

AND

OR	cpe:2.3:o:edimax:6114wg_router_firmware:1.83:::::::*
	cpe:2.3:o:edimax:6114wg_router_firmware:2.08:::::::*

cpe:2.3:h:edimax:6114wg:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

OR	cpe:2.3:o:sitecom:wl-153_router_firmware:1.31:::::::*
	cpe:2.3:o:sitecom:wl-153_router_firmware:1.34:::::::*

cpe:2.3:h:sitecom:wl-153:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:sweex:lb000021_router_firmware:3.15:*:*:*:*:*:*:*

cpe:2.3:h:sweex:lb000021:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.kb.cert.org/vuls/id/357851	US Government Resource
http://www.upnp-hacks.org/devices.html
http://www.upnp-hacks.org/suspect.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:15:13

Updated: 2022-10-03T16:15:13

Reserved: 2022-10-03T00:00:00

Link: CVE-2011-4502

JSON object: View

NVD Information

Status : Analyzed

Published: 2011-11-22T11:55:05.043

Modified: 2013-01-24T05:00:00.000

Link: CVE-2011-4502

JSON object: View

Redhat Information

No data.

CWE

CWE-78

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to execute arbitrary commands via shell metacharacters."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:15:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.upnp-hacks.org/devices.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.upnp-hacks.org/suspect.html"}, {"name": "VU#357851", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/357851"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-4502", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to execute arbitrary commands via shell metacharacters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.upnp-hacks.org/devices.html", "refsource": "MISC", "url": "http://www.upnp-hacks.org/devices.html"}, {"name": "http://www.upnp-hacks.org/suspect.html", "refsource": "MISC", "url": "http://www.upnp-hacks.org/suspect.html"}, {"name": "VU#357851", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/357851"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-4502", "datePublished": "2022-10-03T16:15:13", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:15:13", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:edimax:br-6104k_router_firmware:3.21:*:*:*:*:*:*:*", "matchCriteriaId": "8D45ACA8-D8A4-4354-8B7D-ADE3330C9BEC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:edimax:br-6104k:-:*:*:*:*:*:*:*", "matchCriteriaId": "160DBE73-D5FA-4A1B-809B-A923E8F39A64", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canyon-tech:cn-wf512_router_firmware:1.83:*:*:*:*:*:*:*", "matchCriteriaId": "2EF3228F-22AC-4C90-998F-CA234E04C93E", "vulnerable": true}, {"criteria": "cpe:2.3:o:canyon-tech:cn-wf514_router_firmware:2.08:*:*:*:*:*:*:*", "matchCriteriaId": "6EB70515-F398-492F-8F99-6572EF3A41AA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:canyon-tech:cn-wf512:-:*:*:*:*:*:*:*", "matchCriteriaId": "85C0B475-BCF0-4370-AB61-CB30567B1394", "vulnerable": true}, {"criteria": "cpe:2.3:h:canyon-tech:cn-wf514:-:*:*:*:*:*:*:*", "matchCriteriaId": "C9833088-083B-44BE-82B4-EA41E1902255", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:edimax:6114wg_router_firmware:1.83:*:*:*:*:*:*:*", "matchCriteriaId": "A6C80B5C-7882-4780-A4B5-5D00BD779EC0", "vulnerable": true}, {"criteria": "cpe:2.3:o:edimax:6114wg_router_firmware:2.08:*:*:*:*:*:*:*", "matchCriteriaId": "72E44F32-FFCA-4FE0-B6B6-B21FE1D9690A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:edimax:6114wg:-:*:*:*:*:*:*:*", "matchCriteriaId": "028C6A7D-22A5-47B8-BE81-75AE2A94EBF2", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sitecom:wl-153_router_firmware:1.31:*:*:*:*:*:*:*", "matchCriteriaId": "DDD603E5-B223-4ABC-A3B8-E1925699701B", "vulnerable": true}, {"criteria": "cpe:2.3:o:sitecom:wl-153_router_firmware:1.34:*:*:*:*:*:*:*", "matchCriteriaId": "5132DF5B-C8BE-4B63-9C23-771014E91091", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sitecom:wl-153:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBED964D-46D2-4359-91A9-E2A2D4D719A3", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sweex:lb000021_router_firmware:3.15:*:*:*:*:*:*:*", "matchCriteriaId": "3BE22FB4-E8B4-4DF5-AE4C-CEDE18FAE681", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sweex:lb000021:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E0E3D83-38D0-42A8-90AC-C0CAF453ED53", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to execute arbitrary commands via shell metacharacters."}, {"lang": "es", "value": "La implementaci\u00f3n de UPnP IGD en Edimax EdiLinux en el Edimax BR-6104K con firmware anterior a v3.25 Edimax 6114Wg, Canyon-Tech CN-WF512 con firmware anterior a v1.83, Canyon-Tech CN-WF514 con firmware anterior a v2.08, Sitecom WL-153 con firmware anterior a v1.39, y Sweex LB000021 con firmware anterior a v3.15, permite a atacantes remotos ejecutar comandos de su elecci\u00f3n a trav\u00e9s de metacaracteres shell."}], "id": "CVE-2011-4502", "lastModified": "2013-01-24T05:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-11-22T11:55:05.043", "references": [{"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/357851"}, {"source": "cve@mitre.org", "url": "http://www.upnp-hacks.org/devices.html"}, {"source": "cve@mitre.org", "url": "http://www.upnp-hacks.org/suspect.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}