Vulnerability Details : CVE-2011-4502
The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to execute arbitrary commands via shell metacharacters.
Exploit prediction scoring system (EPSS) score for CVE-2011-4502
Probability of exploitation activity in the next 30 days: 0.19%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 56 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-4502
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2011-4502
-
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-4502
-
http://www.kb.cert.org/vuls/id/357851
VU#357851 - UPnP requests accepted over router WAN interfacesUS Government Resource
-
http://www.upnp-hacks.org/devices.html
UPnP Hacks: Vulnerable UPnP IGD devices
-
http://www.upnp-hacks.org/suspect.html
UPnP Hacks: Possibly vulnerable devices
Products affected by CVE-2011-4502
- cpe:2.3:h:edimax:br-6104k:-:*:*:*:*:*:*:*
- cpe:2.3:h:edimax:6114wg:-:*:*:*:*:*:*:*
- cpe:2.3:o:edimax:br-6104k_router_firmware:3.21:*:*:*:*:*:*:*
- cpe:2.3:o:edimax:6114wg_router_firmware:1.83:*:*:*:*:*:*:*
- cpe:2.3:o:edimax:6114wg_router_firmware:2.08:*:*:*:*:*:*:*
- cpe:2.3:h:sweex:lb000021:-:*:*:*:*:*:*:*
- cpe:2.3:o:sweex:lb000021_router_firmware:3.15:*:*:*:*:*:*:*
- cpe:2.3:h:sitecom:wl-153:-:*:*:*:*:*:*:*
- cpe:2.3:o:sitecom:wl-153_router_firmware:1.31:*:*:*:*:*:*:*
- cpe:2.3:o:sitecom:wl-153_router_firmware:1.34:*:*:*:*:*:*:*
- cpe:2.3:h:canyon-tech:cn-wf514:-:*:*:*:*:*:*:*
- cpe:2.3:h:canyon-tech:cn-wf512:-:*:*:*:*:*:*:*
- cpe:2.3:o:canyon-tech:cn-wf512_router_firmware:1.83:*:*:*:*:*:*:*
- cpe:2.3:o:canyon-tech:cn-wf514_router_firmware:2.08:*:*:*:*:*:*:*