Daniel Garcia

**Name of the Vulnerable Software and Affected Versions** Cisco Linksys WRT54G versions prior to 4.30.5 Cisco Linksys WRT54GS v1 through v3 versions prior to 4.71.1 Cisco Linksys WRT54GS v4 versions prior to 1.06.1 **Description** The issue allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface. This is related to an external forwarding issue. **Recommendations** For Cisco Linksys WRT54G versions prior to 4.30.5, update to firmware version 4.30.5 or later. For Cisco Linksys WRT54GS v1 through v3 versions prior to 4.71.1, update to firmware version 4.71.1 or later. For Cisco Linksys WRT54GS v4 versions prior to 1.06.1, update to firmware version 1.06.1 or later.

**Name of the Vulnerable Software and Affected Versions** Edimax BR-6104K versions prior to 3.25 Edimax 6114Wg version not specified Canyon-Tech CN-WF512 version 1.83 Canyon-Tech CN-WF514 version 2.08 Sitecom WL-153 versions prior to 1.39 Sweex LB000021 version 3.15 **Description** The issue allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. **Recommendations** For Edimax BR-6104K, update to firmware version 3.25 or later. For Edimax 6114Wg, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Canyon-Tech CN-WF512, consider disabling the UPnP functionality until a patch is available. For Canyon-Tech CN-WF514, consider disabling the UPnP functionality until a patch is available. For Sitecom WL-153, update to firmware version 1.39 or later. For Sweex LB000021, consider disabling the UPnP functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SpeedTouch 5x6 devices with firmware prior to 6.2.29 **Description** The issue allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface. This is related to an external forwarding issue. **Recommendations** For SpeedTouch 5x6 devices with firmware prior to 6.2.29, update the firmware to version 6.2.29 or later to resolve the issue. As a temporary workaround, consider restricting access to the WAN interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Thomson TG585 firmware versions prior to 7.4.3.2 **Description** The issue allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an external forwarding issue. **Recommendations** For firmware versions prior to 7.4.3.2, update to firmware version 7.4.3.2 or later to resolve the issue.