CVE-2011-4504

Description

The UPnP IGD implementation in the Pseudo ICS UPnP software on the ZyXEL P-330W allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.

Affected products

• genmei_mori / pseudoics0.1 – 0.1
• genmei_mori / pseudoics0.2 – 0.2
• genmei_mori / pseudoics0.3 – 0.3
• Zyxel / p-330w_router

References

• MISChttp://www.upnp-hacks.org/suspect.html
• MISChttp://www.kb.cert.org/vuls/id/357851