Thursday, February 7, 2013

HUGE UPNP VULNERABILITY in lots of consumer networking gear!


The Security company Rapid7 has discovered that the implementation of Universal Plug and Play - a protocol that allows for effortless networking of several types of devices such as game consoles, Digital Video Recorders, IP cameras, media servers, etc. This protocol makes it so the devices do not have to have ports forwarded or a login. However the protocol was designed for local, trusted devices only, however hackers have exploited it for more than a decade. There have been numerous reports about this over the years and this is the first time people are getting serious about it.

Please review the lists and the data from the links below to determine if your router is vulnerable.

Please click the following link to test your equipment:
https://www.grc.com/x/ne.dll?rh1dkyd2

I am thrilled to report that the Amped Wireless R10000 and the R20000G routers are not on the list.

here are the links of material pertaining to the vulnerabilities:

http://www.pcworld.com/article/2026654/researcher-upnp-flaws-expose-millions-of-networked-devices-to-remote-attacks.html

libupnp_vulnerable_products
https://docs.google.com/spreadsheet/ccc?key=0ApUaRDtAei07dFdOWXdKRUVaUTdRYndnbW5zajRyTmc#gid=0

soap_vulnerable_products
https://docs.google.com/spreadsheet/ccc?key=0ApUaRDtAei07dGxkSHN1cEN3V2pmYW4yNkpZMlQ0Rmc#gid=0

No comments:

Post a Comment

We are sorry we currently had to disable Disqus comments till further notice, as they currently have issues with this platform. For now feel free to use (but NOT ABUSE) this temporary comment system. We will be able to re-import into the previous comment system once the transition is complete. Thank you.

Please note: All comments are subject to moderation before appearance on this site.