Go Back   AnandTech Forums > Software > Security

Forums
· Hardware and Technology
· CPUs and Overclocking
· Motherboards
· Video Cards and Graphics
· Memory and Storage
· Power Supplies
· Cases & Cooling
· SFF, Notebooks, Pre-Built/Barebones PCs
· Networking
· Peripherals
· General Hardware
· Highly Technical
· Computer Help
· Home Theater PCs
· Consumer Electronics
· Digital and Video Cameras
· Mobile Devices & Gadgets
· Audio/Video & Home Theater
· Software
· Software for Windows
· All Things Apple
· *nix Software
· Operating Systems
· Programming
· PC Gaming
· Console Gaming
· Distributed Computing
· Security
· Social
· Off Topic
· Politics and News
· Discussion Club
· Love and Relationships
· The Garage
· Health and Fitness
· Merchandise and Shopping
· For Sale/Trade
· Hot Deals with Free Stuff/Contests
· Black Friday 2013
· Forum Issues
· Technical Forum Issues
· Personal Forum Issues
· Suggestion Box
· Moderator Resources
· Moderator Discussions
   

Reply
 
Thread Tools
Old 01-29-2013, 04:45 PM   #1
Chiefcrowe
Diamond Member
 
Chiefcrowe's Avatar
 
Join Date: Sep 2008
Posts: 3,512
Default Researchers Find Serious Security Flaws in Universal Plug and Play

http://www.wired.com/threatlevel/201...security-flaws
Chiefcrowe is offline   Reply With Quote
Old 01-30-2013, 09:28 AM   #2
dawks
Diamond Member
 
Join Date: Oct 1999
Posts: 5,028
Default

Hmm, UPnP has been a huge security problem since it was introduced, but the fact that its accessible/exploitable from the public internet is astonishing. I wonder how many routers will respond to UPnP commands, even when UPnP is 'disabled'. Some routers sill respond to WPS even when its 'disabled'.
dawks is offline   Reply With Quote
Old 01-30-2013, 03:52 PM   #3
VirtualLarry
Lifer
 
VirtualLarry's Avatar
 
Join Date: Aug 2001
Posts: 25,107
Default

Wow, I wonder if the UPnP code used by Tomato and DD-WRT is vulnerable or not? At least, if it is, it's sure to be fixed fairly quickly.
__________________
Rig(s) not listed, because I change computers, like some people change their socks.
ATX is for poor people. And 'gamers.' - phucheneh
haswell is bulldozer... - aigomorla
"DON'T BUY INTEL, they will send secret signals down the internet, which
will considerably slow down your computer". - SOFTengCOMPelec
VirtualLarry is offline   Reply With Quote
Old 01-30-2013, 05:06 PM   #4
sao123
Lifer
 
sao123's Avatar
 
Join Date: May 2002
Location: Steeler Nation
Posts: 11,939
Default

hmm... tool to detect if your UPnP is affected requires another affected software...

Cant say im inclined to install Java just to run this tool.
__________________
Quote:
Originally posted by: Eaglekeeper
Most anyone in the US that grew up in the city/inner city does not have the skills/knowledge to properly survive off the land.

Originally posted by: Dank69
It's (expletive deleted) easy. Throw seeds on the ground. Plants sprout. Pick hamburgers. Repeat.
sao123 is offline   Reply With Quote
Old 01-30-2013, 06:43 PM   #5
Mark R
Diamond Member
 
Mark R's Avatar
 
Join Date: Oct 1999
Posts: 8,175
Default

Javaless scan
Mark R is offline   Reply With Quote
Old 01-31-2013, 09:06 AM   #6
_Rick_
Diamond Member
 
_Rick_'s Avatar
 
Join Date: Apr 2012
Posts: 3,200
Default

Quote:
Originally Posted by VirtualLarry View Post
Wow, I wonder if the UPnP code used by Tomato and DD-WRT is vulnerable or not? At least, if it is, it's sure to be fixed fairly quickly.
Mini-UPnP is supposedly safer from version 1.4 on.
1.0 release has been the main culprit, and is probably on both those distributions.
As long as you don't run the UPnP on the external interface, you should be safe though.
_Rick_ is offline   Reply With Quote
Old 02-10-2013, 02:49 PM   #7
mechBgon
Super Moderator
Elite Member
 
mechBgon's Avatar
 
Join Date: Oct 1999
Posts: 30,699
Default

Here's a list (undoubtedly not definitive) of more affected routers and devices:

http://blog.defensecode.com/2013/02/...ory-cisco.html

Tons of brands listed there, skim down for yours.

On a similar note, D-Link has some routers that are vulnerable to rooting and code execution by unauthenticated attackers. More info here: http://news.softpedia.com/news/Vulne...e-327246.shtml

Quote:
D-Link has been notified of the problem, but the company doesn’t plan on doing anything about it, arguing that “this is a security problem from the user and/or browser.”
Wow. Guess I know one brand to never consider buying...
mechBgon is offline   Reply With Quote
Old 02-10-2013, 08:40 PM   #8
redbleed
Junior Member
 
Join Date: Feb 2013
Posts: 12
Default

Google grc shields up. The site has the ability to check your UPnP router vulnerability. No download required.
redbleed is offline   Reply With Quote
Old 02-11-2013, 03:50 PM   #9
blankslate
Diamond Member
 
blankslate's Avatar
 
Join Date: Jun 2008
Posts: 4,979
Default

Quote:
Originally Posted by redbleed View Post
Google grc shields up. The site has the ability to check your UPnP router vulnerability. No download required.
I went to that site since I last used to to check for open ports on a Vista Firewall behind a Netgear router and it showed up clean....

It might be because I went through the router settings and made sure to turn off things that I didn't need. UPnP might have been one of then.

I also have the UPnP service set to disabled as well.
__________________
"They remind us that where free unions and collective bargaining are forbidden, freedom is lost." ~Ronald Reagan

Dropkick Murphys - Workers Song http://www.youtube.com/watch?v=AQfGTDyjVSE
blankslate is offline   Reply With Quote
Old 02-18-2013, 05:24 PM   #10
MrColin
Platinum Member
 
MrColin's Avatar
 
Join Date: May 2003
Posts: 2,182
Default

Quote:
Originally Posted by VirtualLarry View Post
Wow, I wonder if the UPnP code used by Tomato and DD-WRT is vulnerable or not? At least, if it is, it's sure to be fixed fairly quickly.
It looks like most open source implementations are affected. There's a thread on the DD-WRT forum about it. I don't know about tomato but I don't think it will be patched for the freely distributed dd-wrt very soon.
__________________
"Your heart is in the right place. But still, you are a very disturbed individual."

-Xionide
MrColin is offline   Reply With Quote
Old 02-21-2013, 07:48 PM   #11
JBT
Lifer
 
Join Date: Nov 2001
Location: AZ
Posts: 11,843
Default

Rapid7's scan said my Tomato USB router is protected.
__________________
Intel i5 2500K @ 4.4GHz | 256GB Samsung 830 SSD | AsRock Z68 Extreme 3 Gen 3| Asus R9 290 DCUII @ 1000 core / 1500 memory | 2x Seagate 1.5 TB HDD's in RAID1 | CoolMaster 750 watt |2 x 4GB GSkill RipSaw DDR3 1600 |
HEAT
NXT Address: 3697153996474214336
My journey from Beast to BEAST!
JBT is offline   Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 03:40 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.