CVE-2006-2560

Name of the Vulnerable Software and Affected Versions Sitecom WL-153 router firmware versions prior to 1.38

Description The issue allows remote attackers to bypass access restrictions and conduct unauthorized operations. This is achieved via a UPnP request with a modified InternalClient parameter, which is not validated. For example, an attacker can use the AddPortMapping function to forward arbitrary traffic.

Recommendations For versions prior to 1.38, update the firmware to version 1.38 or later to resolve the issue. As a temporary workaround, consider restricting access to the UPnP functionality until the update is applied. Avoid using the AddPortMapping function in the affected API endpoint until the issue is resolved.