Some Older Linksys Routers allow UPnP Configurable from the net


Recommended Posts

Some Older Linksys Routers allow UPnP Configurable from

update the firmware or disable UPnP immediately!

  Quote

Routers from various manufacturers support UPnP (Universal Plug and Play) on their WAN interfaces, which apparently makes it possible for attackers to reconfigure them remotely via the internet and, for example, misuse them as surfing proxies or to infiltrate internal LANs. The problem was discovered by IT security specialist Daniel Garcia, who has developed the Umap tool to demonstrate the problem; the tool is available to download free of charge.

Umap detects UPnP-enabled end devices such as DSL routers and cable modems on the internet by directly retrieving the devices' XML descriptions. The required URLs and ports for some models are hard-coded into the tool. This enables the software to bypass the usual restriction that only allows UPnP to search for compatible hardware via multicast in local networks. Garcia says that entire device series by Edimax, Linksys, Sitecom or Thomson (SpeedTouch) respond to UPnP requests on their WAN interfaces.

Since UPnP isn't designed to include any authentication, the XML description can always be retrieved. Garcia said that, by performing an internet scan, he managed to detect 150,000 potentially vulnerable devices within a short period of time. Once initial contact has been made, the scanner sends such UPnP commands as AddPortMapping or DeletePortMapping to the devices via SOAP requests. LAN devices usually use these commands to access the internet via NAT. However, the devices from the manufacturers in question allow the port to be opened ? and redirected to any other LAN device ? via the WAN interface. Umap attempts to guess the internal IP address that is required to do so.

http://www.h-online.com/security/news/item/UPnP-enabled-routers-allow-attacks-on-LANs-1329727.html

  On 27/08/2011 at 19:43, littleneutrino said:

been disabled for rather some time. :p

Ya but what about the millions of users of Linksys routers that just plug it in and go.

  On 27/08/2011 at 19:46, HawkMan said:

Keeping upnp on because it's convenient, and keeping the firewalls on only computers because there's no reason to not have them on.

And overly sensationalist.

What if you were behind a linksys router, had UPnP and had folder shares setup on your network. Then a guy on the net configures your UPnP to allow folder shares accessible on the net?

  On 27/08/2011 at 19:32, warwagon said:

***WARNING!*** Linksys Routers UPnP is Configurable from the net

disable UPnP immediately!

For some reason this story isn't getting much press. Personally I think this is huge. I had a hard enough time just finding a site that talked about it.

maybe because it's not that big of a deal?

  On 28/08/2011 at 05:07, Ryoken said:

Anyone that has set all their shares to public, is an idiot.

Someone wants to get on my network feel free, you'll get to see that I have shares, but that's it.

The fact a someone on the net can configure your router from the outside and even see your shares should make you feel uneasy. Regardless if they can actually open the shares,

This isn't really a huge deal, because, as it was said before, there are plenty of computers out there not even behind a router. However having your ports open for anyone on the internet isn't a good idea. You could always be caught with a slightly outdated software or exploited with a zero day.

any newb knows not to enable UPnP....</joke>

Joking aside....what a bummer! I mean, I sit behind a netgear router as my primary gateway...a linksys I'm using as a switch...then a linksys I'm using as an access point, with multiple workstations on wifi...even a ps3...and still, don't have to worry about it. Life goes on....(least, for me anyway)

There's probably a large number of people that use Linksys routers with custom firmware. Newer firmware versions have a feature that says "UPnP clients are allowed to add mappings only to their IP". I'd imagine this would protect you from the kind of vulnerability talked about in the article.

Linksys will more than likely fix this in a firmware update. But now many "Average user" upgrade the firmware of their routers?

How many "Average user" also install custom firmware?

So my guess would be we have millions of average users with linksys routers out there that are non the wiser to this issue.

basically what I am getting at is that there are fewer with this issue than you think. Many routers do not enable upnp out of the box....I believe that there are more out there that do not than there are that do. I have run into less than a handful that have had this enabled out of the box. It is the gaming users (xbox, ps3, and possibly the wii users) that have this feature enabled...perhaps being that you have more experiance on the home side than I do in recent years you see different, but I am pretty sure that you have to enable this feature on most or all routers.

  On 29/08/2011 at 20:35, sc302 said:

basically what I am getting at is that there are fewer with this issue than you think. Many routers do not enable upnp out of the box....I believe that there are more out there that do not than there are that do. I have run into less than a handful that have had this enabled out of the box. It is the gaming users (xbox, ps3, and possibly the wii users) that have this feature enabled...perhaps being that you have more experiance on the home side than I do in recent years you see different, but I am pretty sure that you have to enable this feature on most or all routers.

Having to enable it, doesn't that defeat the purpose it was created for? I can see why home user routers would be on by default, and I could also see why business class routers would have it off by default.

  On 29/08/2011 at 20:43, warwagon said:

Having to enable it, doesn't that defeat the purpose it was created for?

how so? disabled for the majority, if you need it you enable it....it is a tick just like wpa is a tick to enable.

  On 29/08/2011 at 20:46, sc302 said:

how so? disabled for the majority, if you need it you enable it.

Ya, but they are Made for the 'Home users" Home users barely know where the address bar is, let alone how to log into their router and enable UPnP :cool:

I don't disagree with. If you need it turned on its a VERY easy thing to do. For the the home user, a not such an east thing to do.

  On 29/08/2011 at 20:48, warwagon said:

Ya, but they are Made for the 'Home users" Home users barely know where the address bar is, let alone how to log into their router and enable UPnP :cool:

very true and that is why you see many routers that have no wireless security and upnp disabled because they kept the defaults.

point being that although it is a flaw, the majority isn't succumed to this flaw being that they don't even know how to get in to it to check it's ip or if it is connected to the internet. the ones who this flaw is subject to are the people who know enough to enable it for whatever reason and should be keeping up on their security and updates.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • There is but look up training videos to do data analysis in Excel v the app they use in libre office? Don't even know the name. Besides we are talking about govt employees. Have you tried explaining command line to a govt employee? Look I respect the people but I know that they could not be bothered with open source
    • Let's see how long this lasts. In the end, it comes down to productivity lost because of workflow disruptions. It's not even a question of "which is better", rather how painful will it be to switch and it's hard enough for a single person to switch - imagine an entire city's bureaucracy. Remember, there are governmental system in the US that are still using 5.25" floppy disks... Having been involved in these kinds of swaps, I can tell you - it's never as easy as the fanbase thinks it is.
    • Right, saw it in the microsoft blog, wasn't mentioned in the article, thanks.
    • Multiple internal and external HDDs from Seagate, Western Digital are now at great prices by Fiza Ali Amazon and Newegg are currently offering substantial discounts on a wide selection of internal and external hard drives from Seagate and Western Digital, with prices reduced across multiple capacities. The 4TB WD Purple Surveillance is a 3.5-inch SATA III drive offering sustained transfer rates of up to 175MB/s. It employs Conventional Magnetic Recording (CMR) with a 256MB cache buffer. The drive operates reliably between 0°C and 65°C and can be stored in temperatures ranging from –40°C to 70°C. Western Digital backs this unit with a three-year limited warranty as well. 4TB WD Purple Surveillance Internal HDD: $84.41 (Amazon US) - 8% off The 6TB WD Blue is also a 3.5-inch internal hard drive that connects via SATA III (6Gb/s) and delivers sustained transfer rates of up to 185MB/s. It spins at 5,400 RPM, employs Conventional Magnetic Recording (CMR) technology, and features a 256MB cache buffer. The drive operates reliably in temperatures from 0°C to 60°C (with safe storage down to –40°C and up to 70°C). It is backed by a two-year limited manufacturer’s warranty. 6TB WD Blue PC Internal HDD: $99.99 (Amazon US) - 17% off The 10TB WD Red Pro NAS drive comes in a 3.5-inch form factor and connects via SATA III (6Gb/s). It sustains transfer speeds of up to 267MB/s thanks to its 7,200 RPM spindle and 512MB cache buffer, and employs Conventional Magnetic Recording (CMR) for reliable multi-drive operation. It operates safely between 0°C and 65°C, can be stored or transported in temperatures from –40°C to 70°C, and is covered by Western Digital’s five-year limited warranty. 10TB WD Red Pro NAS Internal HDD: $237.49 (Amazon US) - 15% off This WD Elements Desktop external hard drive offers a 14TB of storage via a USB 3.0 interface (up to 5Gb/s), using a USB Micro-B connector that is backward-compatible with USB 2.0. It operates reliably between 5°C and 35°C and can be stored in temperatures ranging from –20°C to 65°C. The drive is powered by an external adapter and carries a two-year limited warranty. 14TB WD Elements Desktop External HDD: $199.99 (Amazon US) - 31% off The 16TB Seagate Expansion Desktop external hard drive delivers vast storage capacity in a simple, plug-and-play design. USB 3.0 connectivity provides high-speed data transfer rates. Out of the box, the Expansion Desktop model is recognised automatically by Windows, macOS, and ChromeOS systems. If you wish to use Apple’s Time Machine backup utility, the drive must be reformatted to the HFS+ file system. 16TB Seagate Expansion Desktop External HDD: $229.99 (Newegg) - 30% off The 16TB WD Elements desktop external HDD connects via a USB 3.0 interface using a Micro-B cable (up to 5Gb/s.) The drive features plug-and-play functionality, working straight out of the box with Windows PCs. It operates reliably in ambient temperatures from 5°C to 35°C and can be stored in temperatures ranging from –20°C to 65°C. The drive comes with a 2-year limited warranty as well. 16TB WD Elements Desktop External HDD: $249.99 + $20 off promo code SAAET2384 = 229.99 (Newegg) The 16TB Seagate BarraCuda 3.5-inch internal HDD offers Multi-Tier Caching Technology (MTC) which balances NAND flash, DRAM, and media cache layers to accelerate application launches, reduce load times, and maintain consistently high sustained read/write speeds. The included Seagate DiscWizard software simplifies drive migration, cloning, partitioning, and backup tasks. The drive is covered by a two-year limited warranty. 16TB Seagate BarraCuda Internal HDD: $194.99 (Newegg) - 7% off The 20TB Seagate Exos X20 delivers an enterprise-class solution for high-density storage environments and data centres. It offers a sustained sequential transfer rate of up to 285MB/s and advanced caching to ensure low-latency, repeatable response times for data-intensive workloads. It further features 550TB/year workload rating, 2.5 million-hour mean time between failures (MTBF), and five-year limited warranty. PowerChoice and PowerBalance technologies allow administrators to tailor power consumption profiles for active and idle states, reducing energy costs and cooling requirements. Hardware-based AES-256 encryption, password protection, and Seagate Secure certification safeguard sensitive data. 20TB Seagate Exos X20 Internal HDD: $379 + $50 off promo code EPET2523 = $329.99 (Newegg) This Amazon deal is US-specific and not available in other regions unless specified. If you don't like it or want to look at more options, check out the Amazon US deals page here. Get Prime (SNAP), Prime Video, Audible Plus or Kindle / Music Unlimited. Free for 30 days. As an Amazon Associate, we earn from qualifying purchases.
    • It's all 1Password's fault for using it before anyone else. 🙃
  • Recent Achievements

    • Collaborator
      Mighty Pen went up a rank
      Collaborator
    • Week One Done
      emptyother earned a badge
      Week One Done
    • Week One Done
      DarkWun earned a badge
      Week One Done
    • Very Popular
      valkyr09 earned a badge
      Very Popular
    • Week One Done
      suprememobiles earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      569
    2. 2
      +FloatingFatMan
      180
    3. 3
      ATLien_0
      175
    4. 4
      Xenon
      116
    5. 5
      Som
      110
  • Tell a friend

    Love Neowin? Tell a friend!