Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


Guf



4 posts

Wannabe Geek


Topic # 114301 15-Feb-2013 09:22
Send private message

http://watchguardsecuritycenter.com/2013/01/31/h-d-moore-unveils-major-upnp-security-vulnerabilities/

http://www.grc.com/securitynow.htm#389

81 million publically routable IPv4 endpoints have UPnP (which only makes sense LAN-side) open on the WAN side, and worse, most of those have a copy of the reference implementation with next to no security in it, thereby allowing a single UDP packet over 1900 to take over the router.

XNet's previously recommended hardware is among those affected, in particular the WAG310G, which also looks like it might also have it's admin portal open WAN-side too!

Various honeypot machines are seeing a daily increase in probes against this port - the threat is very real and definitely increasing!

Use the ShieldsUp service at grc.com ( https://www.grc.com/x/ne.dll?bh0bkyd2 ) to check if you are vulnerable, as it has a specific test for this.

If you are, join in the pressure to get XNet to block UDP:1900 as it is very unlikely the router makers are going to move fast on this as it'd involve admitting liability.

And should they release an update, how many affected customers would actually be able to successfully apply a firmware update - how many would just call it too hard..?


Filter this topic showing only the reply marked as answer Create new topic
24994 posts

Uber Geek
+1 received by user: 4880

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 762838 15-Feb-2013 10:00
Send private message

If you have a voice device from WxC that's auto provisioned any firmware updates can be applied automatically by them.

The big question is whether Cisco / Linksys will release an update..

Guf



4 posts

Wannabe Geek


  Reply # 762850 15-Feb-2013 10:19
Send private message

IIRC I purchased this hardware in a shop, as it was the recommended option, but I'm not certain of that.

In that case, it having WAN-side admin portal open makes some sense tho.

Specifically, FTP, HTTP and HTTPS are wide open on it, along with UCP:1900 and also the TCP port that it says to connect to for the UPnP SOAP interface; even tho the UPnP query response puts that against the internal IP it's open externally, and all this while the UI's checkbox for UPnP is set to Disabled!

 
 
 
 


Guf



4 posts

Wannabe Geek


Reply # 772414 1-Mar-2013 18:09
Send private message

I have discovered that if I set up my router to DHCP a certain range but have a DMZ IP outside that range (i.e. a black hole DMZ), the UPnP port is no longer accessible, thus meaning my router is no longer vulnerable to the flaw it has.

I have also reconsidered my request to block UDP1900 at the ISP, as I have remembered that it is not a service port (0-1024) and thus not solely used for UPnP.

I strongly suggest that if you have a vulnerable router, such as the WAG310G, recommend to all users of those to do as I have done.  To find out, visit grc.com and use the Shields Up service there as it has a specific test for this.


Filter this topic showing only the reply marked as answer Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Security concerns reach new peak, Unisys Security Index
Posted 27-Jun-2017 14:11


Behind Spark’s slow-burn 4.5G plan
Posted 26-Jun-2017 16:23


Red Hat unveils production-ready open source hyperconverged infrastructure
Posted 23-Jun-2017 22:10


Whatever ailed Vodafone broadband … seems to be fixed
Posted 23-Jun-2017 14:10


VMware NSX Meets Stringent Government Security Standards with Common Criteria Certification
Posted 22-Jun-2017 19:05


Brother launches next-generation colour laser printers and all-in- ones for business
Posted 22-Jun-2017 18:56


Intel and IOC announce partnership
Posted 22-Jun-2017 18:50


Samsung Galaxy Tab S3: Best Android tablet
Posted 21-Jun-2017 12:05


Wellington-based company helping secure Microsoft browsers
Posted 20-Jun-2017 20:51


Endace delivers high performance with new 1/10/40 Gbps packet capture card
Posted 20-Jun-2017 20:50


You can now integrate SMX security into Microsoft Office 365, Google and other cloud email platforms
Posted 20-Jun-2017 20:47


Ravensdown launches new decision-making tool HawkEye
Posted 19-Jun-2017 15:38


Spark planning to take on direct management of all consumer stores
Posted 19-Jun-2017 10:03


Qrious acquires Ubiquity
Posted 14-Jun-2017 12:21


Spark New Zealand prepares for 5G with Nokia
Posted 14-Jun-2017 12:16



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.