Sign-up

ID

VAR-200605-0265


CVE

CVE-2006-2559


TITLE

Linksys WRT54G Wireless-G Broadband Router UPnP Request Access Control Bypass Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2006-3375

DESCRIPTION

Linksys WRT54G Wireless-G Broadband Router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic. For example, use AddPortMapping to forward arbitrary traffic. WRT54G v4.0 is prone to a security bypass vulnerability. TITLE: Linksys WRT54G UPnP Port Mapping Vulnerability SECUNIA ADVISORY ID: SA20161 VERIFY ADVISORY: http://secunia.com/advisories/20161/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From local network OPERATING SYSTEM: Linksys WRT54G Wireless-G Broadband Router http://secunia.com/product/3523/ DESCRIPTION: Armijn Hemel has reported a vulnerability in Linksys WRT54G, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to missing authentication of UPnP AddPortMapping requests and missing validation of the InternalClient parameter of the request. This can be exploited by hosts on the local network to configure port forwarding settings on the device to forward incoming traffic to arbitrary hosts without requiring authentication. Successful exploitation may allow the device to be configured to forward traffic that is received on specific ports on the external interface to another host on the Internet. SOLUTION: Update to firmware version 1.00.9. http://www.linksys.com/servlet/Satellite?c=L_Download_C2&childpagename=US%2FLayout&cid=1115417109974&packedargs=sku%3D1127782957298&pagename=Linksys%2FCommon%2FVisitorWrapper PROVIDED AND/OR DISCOVERED BY: Armijn Hemel ORIGINAL ADVISORY: http://www.securityview.org/how-does-the-upnp-flaw-works.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.89

sources: NVD: CVE-2006-2559 // CNVD: CNVD-2006-3375 // BID: 87619 // VULHUB: VHN-18667 // PACKETSTORM: 46538

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2006-3375

AFFECTED PRODUCTS

vendor:linksysmodel:wrt54gscope:eqversion:2.02.7

Trust: 1.6

vendor:linksysmodel:wrt54gscope:eqversion:3.03.6

Trust: 1.6

vendor:linksysmodel:wrt54gscope:eqversion:3.01.3

Trust: 1.6

vendor:linksysmodel:wrt54gscope:eqversion:2.00.8

Trust: 1.6

vendor:linksysmodel:wrt54gscope:eqversion:2.04.4

Trust: 1.6

vendor:linksysmodel:wrt54gscope:eqversion:2.04.4_non_default

Trust: 1.6

vendor:linksysmodel:wrt54gscope:eqversion:4.00.7

Trust: 1.6

vendor:linksysmodel:wrt54gscope:eqversion:1.42.3

Trust: 1.6

vendor:linksysmodel:wrt54g v5scope:eqversion:*

Trust: 1.0

vendor:wrt54gmodel:linksysscope:eqversion:1.42.3

Trust: 0.6

vendor:wrt54gmodel:linksysscope:eqversion:2.00.8

Trust: 0.6

vendor:wrt54gmodel:linksysscope:eqversion:2.02.7

Trust: 0.6

vendor:wrt54gmodel:linksysscope:eqversion:2.04.4

Trust: 0.6

vendor:wrt54gmodel:linksys 2.04.4 non defaultscope: - version: -

Trust: 0.6

vendor:wrt54gmodel:linksysscope:eqversion:3.01.3

Trust: 0.6

vendor:wrt54gmodel:linksysscope:eqversion:3.03.6

Trust: 0.6

vendor:linksysmodel:wrt54g v5scope: - version: -

Trust: 0.6

vendor:linksysmodel:wrt54gscope:eqversion:v4.04.0.7

Trust: 0.3

vendor:linksysmodel:wrt54gscope:eqversion:v3.03.3.6

Trust: 0.3

vendor:linksysmodel:wrt54gscope:eqversion:v2.02.00.8

Trust: 0.3

vendor:linksysmodel:wrt54g non defaultscope:eqversion:v1.02.04.4

Trust: 0.3

sources: CNVD: CNVD-2006-3375 // BID: 87619 // CNNVD: CNNVD-200605-446 // NVD: CVE-2006-2559

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-2559
value: HIGH

Trust: 1.0

CNVD: CNVD-2006-3375
value: HIGH

Trust: 0.6

CNNVD: CNNVD-200605-446
value: HIGH

Trust: 0.6

VULHUB: VHN-18667
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2006-2559
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2006-3375
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-18667
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2006-3375 // VULHUB: VHN-18667 // CNNVD: CNNVD-200605-446 // NVD: CVE-2006-2559

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-2559

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200605-446

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200605-446

EXTERNAL IDS

db:NVDid:CVE-2006-2559

Trust: 2.6

db:SECUNIAid:20161

Trust: 2.4

db:SECTRACKid:1016134

Trust: 2.0

db:VUPENid:ADV-2006-1909

Trust: 1.7

db:XFid:26707

Trust: 0.9

db:CNNVDid:CNNVD-200605-446

Trust: 0.7

db:CNVDid:CNVD-2006-3375

Trust: 0.6

db:BIDid:87619

Trust: 0.4

db:VULHUBid:VHN-18667

Trust: 0.1

db:PACKETSTORMid:46538

Trust: 0.1

sources: CNVD: CNVD-2006-3375 // VULHUB: VHN-18667 // BID: 87619 // PACKETSTORM: 46538 // CNNVD: CNNVD-200605-446 // NVD: CVE-2006-2559

REFERENCES

url:http://secunia.com/advisories/20161

Trust: 2.3

url:http://www.securityview.org/how-does-the-upnp-flaw-works.html

Trust: 2.1

url:http://www.securityview.org/dutch-student-finds-a-bug-in-upnp.html

Trust: 2.0

url:http://securitytracker.com/id?1016134

Trust: 2.0

url:http://www.vupen.com/english/advisories/2006/1909

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/26707

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/26707

Trust: 0.9

url:http://www.frsirt.com/english/advisories/2006/1909

Trust: 0.6

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://www.linksys.com/servlet/satellite?c=l_download_c2&childpagename=us%2flayout&cid=1115417109974&packedargs=sku%3d1127782957298&pagename=linksys%2fcommon%2fvisitorwrapper

Trust: 0.1

url:http://secunia.com/product/3523/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/advisories/20161/

Trust: 0.1

sources: CNVD: CNVD-2006-3375 // VULHUB: VHN-18667 // BID: 87619 // PACKETSTORM: 46538 // CNNVD: CNNVD-200605-446 // NVD: CVE-2006-2559

CREDITS

Unknown

Trust: 0.3

sources: BID: 87619

SOURCES

db:CNVDid:CNVD-2006-3375
db:VULHUBid:VHN-18667
db:BIDid:87619
db:PACKETSTORMid:46538
db:CNNVDid:CNNVD-200605-446
db:NVDid:CVE-2006-2559

LAST UPDATE DATE

2024-08-14T14:22:44.517000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2006-3375date:2006-05-23T00:00:00
db:VULHUBid:VHN-18667date:2017-07-20T00:00:00
db:BIDid:87619date:2006-05-23T00:00:00
db:CNNVDid:CNNVD-200605-446date:2006-05-24T00:00:00
db:NVDid:CVE-2006-2559date:2024-02-14T01:17:43.863

SOURCES RELEASE DATE

db:CNVDid:CNVD-2006-3375date:2006-05-23T00:00:00
db:VULHUBid:VHN-18667date:2006-05-24T00:00:00
db:BIDid:87619date:2006-05-23T00:00:00
db:PACKETSTORMid:46538date:2006-05-23T05:09:34
db:CNNVDid:CNNVD-200605-446date:2006-05-23T00:00:00
db:NVDid:CVE-2006-2559date:2006-05-24T01:02:00