External Forwarding Vulnerability in Edimax and Canyon-Tech Devices
CVE-2011-4501

Currently unrated

Key Information:

Vendor: Edimax
Status: Br-6104k Router Firmware; Br-6104k
Vendor: CVE Published:; 22 November 2011

What is CVE-2011-4501?

The UPnP IGD implementation in various Edimax and Canyon-Tech devices has a flaw allowing remote attackers to exploit the UPnP AddPortMapping action. By sending a specially crafted SOAP request to the WAN interface, an attacker can establish arbitrary port mappings, potentially leading to unauthorized access to internal network resources and compromising device security. This vulnerability affects multiple firmware versions and requires immediate attention to secure the affected devices.

References

http://www.upnp-hacks.org/devices.html

x_refsource_MISC

http://www.upnp-hacks.org/suspect.html

x_refsource_MISC

http://www.kb.cert.org/vuls/id/357851

third-party-advisoryx_refsource_CERT-VN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Nov 22, 2011