HUGE UPNP VULNERABILITY in lots of consumer networking gear!


The Security company Rapid7 has discovered that the implementation of Universal Plug and Play - a protocol that allows for effortless networking of several types of devices such as game consoles, Digital Video Recorders, IP cameras, media servers, etc. This protocol makes it so the devices do not have to have ports forwarded or a login. However the protocol was designed for local, trusted devices only, however hackers have exploited it for more than a decade. There have been numerous reports about this over the years and this is the first time people are getting serious about it.

Please review the lists and the data from the links below to determine if your router is vulnerable.

Please click the following link to test your equipment:
https://www.grc.com/x/ne.dll?rh1dkyd2

I am thrilled to report that the Amped Wireless R10000 and the R20000G routers are not on the list.

here are the links of material pertaining to the vulnerabilities:

http://www.pcworld.com/article/2026654/researcher-upnp-flaws-expose-millions-of-networked-devices-to-remote-attacks.html

libupnp_vulnerable_products
https://docs.google.com/spreadsheet/ccc?key=0ApUaRDtAei07dFdOWXdKRUVaUTdRYndnbW5zajRyTmc#gid=0

soap_vulnerable_products
https://docs.google.com/spreadsheet/ccc?key=0ApUaRDtAei07dGxkSHN1cEN3V2pmYW4yNkpZMlQ0Rmc#gid=0

Comments