CVEブラウザに戻る

CVE-2006-2559

HIGH

7.5

CVSS Severity Score

EPSS Score0.1060%

EPSS Percentile6.79th

Published2006年5月24日

Last Modified2026年4月16日

Vulnerability Description

Linksys WRT54G Wireless-G Broadband Router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic.

Affected Platforms (CPE)

🔌

Linksys

Wrt54g

= 1.42.3

🔌

Linksys

Wrt54g

= 2.00.8

🔌

Linksys

Wrt54g

= 2.02.7

🔌

Linksys

Wrt54g

= 2.04.4

🔌

Linksys

Wrt54g

= 2.04.4_non_default

🔌

Linksys

Wrt54g

= 3.01.3

🔌

Linksys

Wrt54g

= 3.03.6

🔌

Linksys

Wrt54g

= 4.00.7

🔌

Linksys

Wrt54g V5

All versions

References & Advisories

🔗 http://secunia.com/advisories/20161

🔗 http://securitytracker.com/id?1016134

🔗 http://www.securityview.org/dutch-student-finds-a-bug-in-upnp.html

🔗 http://www.securityview.org/how-does-the-upnp-flaw-works.html

🔗 http://www.vupen.com/english/advisories/2006/1909

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/26707

🔗 http://secunia.com/advisories/20161

🔗 http://securitytracker.com/id?1016134

関連する脆弱性情報

CVE-2008-124710.0

The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allo...

CVE-2008-126810.0

The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote...

CVE-2008-12657.8

The Linksys WRT54G router allows remote attackers to cause a denial of service (device restart) via a long username and password t...

CVE-2005-27997.5

Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers...