MidnightBSD

Advisories for sitecom

CVE-2006-2560 HIGH

Sitecom WL-153 router firmware before 1.38 allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
sitecom wl-153_router_firmware 1.31
sitecom wl-153 -
sitecom wl-153_router_firmware *
CVE-2011-4501 HIGH

The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-16,

Products Affected

Vendor Product Version
canyon-tech cn-wf514 -
edimax 6114wg -
sitecom wl-153 -
canyon-tech cn-wf514_router_firmware 2.08
sweex lb000021_router_firmware 3.15
sweex lb000021 -
edimax 6114wg_router_firmware 1.83
edimax 6114wg_router_firmware 2.08
canyon-tech cn-wf512 -
sitecom wl-153_router_firmware 1.31
sitecom wl-153_router_firmware 1.34
canyon-tech cn-wf512_router_firmware 1.83
edimax br-6104k -
edimax br-6104k_router_firmware 3.21
CVE-2011-4502 HIGH

The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to execute arbitrary commands via shell metacharacters.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78,

Products Affected

Vendor Product Version
canyon-tech cn-wf514 -
edimax 6114wg -
sitecom wl-153 -
canyon-tech cn-wf514_router_firmware 2.08
sweex lb000021_router_firmware 3.15
sweex lb000021 -
edimax 6114wg_router_firmware 1.83
edimax 6114wg_router_firmware 2.08
canyon-tech cn-wf512 -
sitecom wl-153_router_firmware 1.31
sitecom wl-153_router_firmware 1.34
canyon-tech cn-wf512_router_firmware 1.83
edimax br-6104k -
edimax br-6104k_router_firmware 3.21
CVE-2011-4503 HIGH

The UPnP IGD implementation in Broadcom Linux on the Sitecom WL-111 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-16,

Products Affected

Vendor Product Version
broadcom broadcom_linux *
sitecom wl-111 -
CVE-2013-6786 MEDIUM

Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject arbitrary web script or HTML by requesting a nonexistent URI in conjunction with a crafted HTTP Referer header that is not properly handled in a 404 page. NOTE: there is no CVE for a "URL redirection" issue that some sources list separately.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sitecom wl-174 -
tp-link td-8816 -
dlink dsl-2640r -
zyxel p-660hw_d1 -
allegrosoft rompager *
huawei mt882 -
dlink dsl-2641r -
CVE-2024-40112

A Local File Inclusion (LFI) vulnerability exists in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before, which allows an attacker to manipulate the "language" cookie to include arbitrary files from the server. This vulnerability can be exploited to disclose sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.9 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 2.5 3.4

Products Affected

Vendor Product Version
sitecom wlx-2006_firmware *
CVE-2024-40113

Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 and before is vulnerable to Use of Default Credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

Products Affected

Vendor Product Version
sitecom wlx-2006_firmware *
CVE-2024-40114

A Cross Site Scripting (XSS) vulnerability in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before allows an attacker to manipulate the language cookie to inject malicious JavaScript code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
sitecom wlx-2006_firmware *