PT-2011-4969 · Thomson · Speedtouch
Daniel Garcia
·
Published
2011-11-22
·
Updated
2012-03-08
·
CVE-2011-4505
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
SpeedTouch 5x6 devices with firmware prior to 6.2.29
Description
The issue allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface. This is related to an external forwarding issue.
Recommendations
For SpeedTouch 5x6 devices with firmware prior to 6.2.29, update the firmware to version 6.2.29 or later to resolve the issue. As a temporary workaround, consider restricting access to the WAN interface to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Speedtouch