Researchers Find Serious Security Flaws in Universal Plug and Play

Discussion in 'Security' started by Chiefcrowe, Jan 29, 2013.

  1. Chiefcrowe

    Chiefcrowe Diamond Member

    Joined:
    Sep 15, 2008
    Messages:
    4,395
    Likes Received:
    10
  2. Loading...

    Similar Threads - Researchers Find Security Forum Date
    Huge Security Issue found in Cloudlfare - Reset all your passwords Security Yesterday at 3:29 AM
    Additional security check is required Security Jan 28, 2017
    Apple Releases Critical Security Updates Security Jan 23, 2017

  3. dawks

    dawks Diamond Member

    Joined:
    Oct 9, 1999
    Messages:
    5,059
    Likes Received:
    2
    Hmm, UPnP has been a huge security problem since it was introduced, but the fact that its accessible/exploitable from the public internet is astonishing. I wonder how many routers will respond to UPnP commands, even when UPnP is 'disabled'. Some routers sill respond to WPS even when its 'disabled'.
     
  4. VirtualLarry

    VirtualLarry Lifer

    Joined:
    Aug 25, 2001
    Messages:
    35,731
    Likes Received:
    570
    Wow, I wonder if the UPnP code used by Tomato and DD-WRT is vulnerable or not? At least, if it is, it's sure to be fixed fairly quickly.
     
  5. sao123

    sao123 Lifer

    Joined:
    May 27, 2002
    Messages:
    12,258
    Likes Received:
    2
    hmm... tool to detect if your UPnP is affected requires another affected software...

    Cant say im inclined to install Java just to run this tool.
     
  6. Mark R

    Mark R Diamond Member

    Joined:
    Oct 9, 1999
    Messages:
    8,497
    Likes Received:
    0
  7. _Rick_

    _Rick_ Diamond Member

    Joined:
    Apr 20, 2012
    Messages:
    3,652
    Likes Received:
    3
    Mini-UPnP is supposedly safer from version 1.4 on.
    1.0 release has been the main culprit, and is probably on both those distributions.
    As long as you don't run the UPnP on the external interface, you should be safe though.
     
  8. mechBgon

    mechBgon Super Moderator<br>Elite Member

    Joined:
    Oct 31, 1999
    Messages:
    30,699
    Likes Received:
    0
    Here's a list (undoubtedly not definitive) of more affected routers and devices:

    http://blog.defensecode.com/2013/02/defensecode-security-advisory-cisco.html

    Tons of brands listed there, skim down for yours.

    On a similar note, D-Link has some routers that are vulnerable to rooting and code execution by unauthenticated attackers. More info here: http://news.softpedia.com/news/Vuln...ackers-to-Execute-Malicious-Code-327246.shtml

    Wow. Guess I know one brand to never consider buying... :hmm:
     
  9. redbleed

    redbleed Junior Member

    Joined:
    Feb 10, 2013
    Messages:
    12
    Likes Received:
    0
    Google grc shields up. The site has the ability to check your UPnP router vulnerability. No download required.
     
  10. blankslate

    blankslate Diamond Member

    Joined:
    Jun 16, 2008
    Messages:
    7,273
    Likes Received:
    32
    I went to that site since I last used to to check for open ports on a Vista Firewall behind a Netgear router and it showed up clean....

    It might be because I went through the router settings and made sure to turn off things that I didn't need. UPnP might have been one of then.

    I also have the UPnP service set to disabled as well.
     
  11. MrColin

    MrColin Platinum Member

    Joined:
    May 21, 2003
    Messages:
    2,394
    Likes Received:
    1
    It looks like most open source implementations are affected. There's a thread on the DD-WRT forum about it. I don't know about tomato but I don't think it will be patched for the freely distributed dd-wrt very soon.
     
  12. JBT

    JBT Lifer

    Joined:
    Nov 28, 2001
    Messages:
    12,093
    Likes Received:
    0
    Rapid7's scan said my Tomato USB router is protected.