Researchers Find Serious Security Flaws in Universal Plug and Play

[Chiefcrowe]

http://www.wired.com/threatlevel/201...security-flaws

[dawks]

Hmm, UPnP has been a huge security problem since it was introduced, but the fact that its accessible/exploitable from the public internet is astonishing. I wonder how many routers will respond to UPnP commands, even when UPnP is 'disabled'. Some routers sill respond to WPS even when its 'disabled'.

[VirtualLarry]

Wow, I wonder if the UPnP code used by Tomato and DD-WRT is vulnerable or not? At least, if it is, it's sure to be fixed fairly quickly.

[sao123]

hmm... tool to detect if your UPnP is affected requires another affected software...

Cant say im inclined to install Java just to run this tool.

[Mark R]

Javaless scan

[_Rick_]

Quote:

Originally Posted by VirtualLarry

Wow, I wonder if the UPnP code used by Tomato and DD-WRT is vulnerable or not? At least, if it is, it's sure to be fixed fairly quickly.

Mini-UPnP is supposedly safer from version 1.4 on.
1.0 release has been the main culprit, and is probably on both those distributions.
As long as you don't run the UPnP on the external interface, you should be safe though.

[mechBgon]

Here's a list (undoubtedly not definitive) of more affected routers and devices:

http://blog.defensecode.com/2013/02/...ory-cisco.html

Tons of brands listed there, skim down for yours.

On a similar note, D-Link has some routers that are vulnerable to rooting and code execution by unauthenticated attackers. More info here: http://news.softpedia.com/news/Vulne...e-327246.shtml

Quote:

D-Link has been notified of the problem, but the company doesn’t plan on doing anything about it, arguing that “this is a security problem from the user and/or browser.”

Wow. Guess I know one brand to never consider buying...

[redbleed]

Google grc shields up. The site has the ability to check your UPnP router vulnerability. No download required.

[blankslate]

Quote:

Originally Posted by redbleed

Google grc shields up. The site has the ability to check your UPnP router vulnerability. No download required.

I went to that site since I last used to to check for open ports on a Vista Firewall behind a Netgear router and it showed up clean....

It might be because I went through the router settings and made sure to turn off things that I didn't need. UPnP might have been one of then.

I also have the UPnP service set to disabled as well.

[MrColin]

Quote:

Originally Posted by VirtualLarry

Wow, I wonder if the UPnP code used by Tomato and DD-WRT is vulnerable or not? At least, if it is, it's sure to be fixed fairly quickly.

It looks like most open source implementations are affected. There's a thread on the DD-WRT forum about it. I don't know about tomato but I don't think it will be patched for the freely distributed dd-wrt very soon.

[JBT]

Rapid7's scan said my Tomato USB router is protected.