Some Older Linksys Routers allow UPnP Configurable from the net


Recommended Posts

Some Older Linksys Routers allow UPnP Configurable from

update the firmware or disable UPnP immediately!

  Quote

Routers from various manufacturers support UPnP (Universal Plug and Play) on their WAN interfaces, which apparently makes it possible for attackers to reconfigure them remotely via the internet and, for example, misuse them as surfing proxies or to infiltrate internal LANs. The problem was discovered by IT security specialist Daniel Garcia, who has developed the Umap tool to demonstrate the problem; the tool is available to download free of charge.

Umap detects UPnP-enabled end devices such as DSL routers and cable modems on the internet by directly retrieving the devices' XML descriptions. The required URLs and ports for some models are hard-coded into the tool. This enables the software to bypass the usual restriction that only allows UPnP to search for compatible hardware via multicast in local networks. Garcia says that entire device series by Edimax, Linksys, Sitecom or Thomson (SpeedTouch) respond to UPnP requests on their WAN interfaces.

Since UPnP isn't designed to include any authentication, the XML description can always be retrieved. Garcia said that, by performing an internet scan, he managed to detect 150,000 potentially vulnerable devices within a short period of time. Once initial contact has been made, the scanner sends such UPnP commands as AddPortMapping or DeletePortMapping to the devices via SOAP requests. LAN devices usually use these commands to access the internet via NAT. However, the devices from the manufacturers in question allow the port to be opened ? and redirected to any other LAN device ? via the WAN interface. Umap attempts to guess the internal IP address that is required to do so.

http://www.h-online.com/security/news/item/UPnP-enabled-routers-allow-attacks-on-LANs-1329727.html

  On 27/08/2011 at 19:43, littleneutrino said:

been disabled for rather some time. :p

Ya but what about the millions of users of Linksys routers that just plug it in and go.

  On 27/08/2011 at 19:46, HawkMan said:

Keeping upnp on because it's convenient, and keeping the firewalls on only computers because there's no reason to not have them on.

And overly sensationalist.

What if you were behind a linksys router, had UPnP and had folder shares setup on your network. Then a guy on the net configures your UPnP to allow folder shares accessible on the net?

  On 27/08/2011 at 19:32, warwagon said:

***WARNING!*** Linksys Routers UPnP is Configurable from the net

disable UPnP immediately!

For some reason this story isn't getting much press. Personally I think this is huge. I had a hard enough time just finding a site that talked about it.

maybe because it's not that big of a deal?

  On 28/08/2011 at 05:07, Ryoken said:

Anyone that has set all their shares to public, is an idiot.

Someone wants to get on my network feel free, you'll get to see that I have shares, but that's it.

The fact a someone on the net can configure your router from the outside and even see your shares should make you feel uneasy. Regardless if they can actually open the shares,

This isn't really a huge deal, because, as it was said before, there are plenty of computers out there not even behind a router. However having your ports open for anyone on the internet isn't a good idea. You could always be caught with a slightly outdated software or exploited with a zero day.

any newb knows not to enable UPnP....</joke>

Joking aside....what a bummer! I mean, I sit behind a netgear router as my primary gateway...a linksys I'm using as a switch...then a linksys I'm using as an access point, with multiple workstations on wifi...even a ps3...and still, don't have to worry about it. Life goes on....(least, for me anyway)

There's probably a large number of people that use Linksys routers with custom firmware. Newer firmware versions have a feature that says "UPnP clients are allowed to add mappings only to their IP". I'd imagine this would protect you from the kind of vulnerability talked about in the article.

Linksys will more than likely fix this in a firmware update. But now many "Average user" upgrade the firmware of their routers?

How many "Average user" also install custom firmware?

So my guess would be we have millions of average users with linksys routers out there that are non the wiser to this issue.

basically what I am getting at is that there are fewer with this issue than you think. Many routers do not enable upnp out of the box....I believe that there are more out there that do not than there are that do. I have run into less than a handful that have had this enabled out of the box. It is the gaming users (xbox, ps3, and possibly the wii users) that have this feature enabled...perhaps being that you have more experiance on the home side than I do in recent years you see different, but I am pretty sure that you have to enable this feature on most or all routers.

  On 29/08/2011 at 20:35, sc302 said:

basically what I am getting at is that there are fewer with this issue than you think. Many routers do not enable upnp out of the box....I believe that there are more out there that do not than there are that do. I have run into less than a handful that have had this enabled out of the box. It is the gaming users (xbox, ps3, and possibly the wii users) that have this feature enabled...perhaps being that you have more experiance on the home side than I do in recent years you see different, but I am pretty sure that you have to enable this feature on most or all routers.

Having to enable it, doesn't that defeat the purpose it was created for? I can see why home user routers would be on by default, and I could also see why business class routers would have it off by default.

  On 29/08/2011 at 20:43, warwagon said:

Having to enable it, doesn't that defeat the purpose it was created for?

how so? disabled for the majority, if you need it you enable it....it is a tick just like wpa is a tick to enable.

  On 29/08/2011 at 20:46, sc302 said:

how so? disabled for the majority, if you need it you enable it.

Ya, but they are Made for the 'Home users" Home users barely know where the address bar is, let alone how to log into their router and enable UPnP :cool:

I don't disagree with. If you need it turned on its a VERY easy thing to do. For the the home user, a not such an east thing to do.

  On 29/08/2011 at 20:48, warwagon said:

Ya, but they are Made for the 'Home users" Home users barely know where the address bar is, let alone how to log into their router and enable UPnP :cool:

very true and that is why you see many routers that have no wireless security and upnp disabled because they kept the defaults.

point being that although it is a flaw, the majority isn't succumed to this flaw being that they don't even know how to get in to it to check it's ip or if it is connected to the internet. the ones who this flaw is subject to are the people who know enough to enable it for whatever reason and should be keeping up on their security and updates.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • only the copilot pc version went rtm in june. I think rtm was in september, so probably 2 months away.
    • 26200 25H2 is shaping up to be a very solid and stable release, hardly any issues with it here on 3 different configurations of computers
    • Samsung Galaxy S25+ 512GB is $220 off for powerful AI and a pro-grade camera by Paul Hill Are you in the market for a premium Samsung phone? If so, check out the Samsung Galaxy S25+ with 512GB of storage. It’s on Amazon right now for just $899, down 20% from its $1,199.99 list price, representing a significant $220.99 saving. This unlocked device is marked as the number 1 new release by Amazon in the Cell Phones category. If you’re interested, act fast as it’s a limited-time deal. The Galaxy S25+ comes packed with AI features under the umbrella of Galaxy AI. Capabilities include Multiple Tasks with One Ask which brings Google Gemini integration for multi-app commands, Now Brief which proactively gives you information you need to start the day, Audio Eraser to remove distracting sounds from your videos, and advanced portrait features. Powering these features is the Qualcomm SM8750-AB Snapdragon 8 Elite (3 nm) processor which handles all sorts of tasks efficiently including gaming, translation, and photo editing. Alongside the processor is 512GB of storage and 12GB of RAM. The S25+ uses a 6.7-inch QHD+ ProScaler Display which delivers vibrant visuals thanks to its use of Dynamic AMOLED 2X with 3,120 x 1,440 resolution and 120Hz refresh rate. Regarding camera setup, the S25+ has an AI camera with 50MP main sensor, 12MP ultrawide, and 10MP telephoto with OIS. There is also a 12MP front camera. This camera setup is capable of 8K video recording, which is impressive. Finally, you get long battery life with the 4,900 mAh and 45W fast charging support so you don’t need to wait long for it to recharge. If you’re an Android user looking to upgrade to a flagship phone without paying the full price, this deal is for you. If you have an eligible phone to trade in, there is an option to do so to claim up to $725 on the upgrade with Amazon.com Gift Card credit. If you’re excited by AI, but your current phone doesn’t support many AI features, this phone could also be a smart choice. Its display is also great for media consumption, and the processor is robust. Finally, if you have a lot of files to store, the 512GB of storage should be ample. Samsung Galaxy S25+ (Icyblue): $899 (Amazon US) / MSRP $1,199.99 This Amazon deal is US-specific and not available in other regions unless specified. If you don't like it or want to look at more options, check out the Amazon US deals page here. Get Prime (SNAP), Prime Video, Audible Plus or Kindle / Music Unlimited. Free for 30 days. As an Amazon Associate, we earn from qualifying purchases.
    • Sniffnet 1.4.0 by Razvan Serea Sniffnet is a network monitoring tool to help you easily keep track of your Internet traffic. Whether you want to gather statistics, or you need to inspect more in depth what's going on in your network, this app will get you covered. Sniffnet is a technical tool, but at the same time it strongly focuses on the overall user experience: most of the network analyzers out there are cumbersome to use, while one of Sniffnet's cornerstones is to be usable with ease by everyone. Furthermore, Sniffnet is completely free and open-source, dual-licensed under MIT or Apache-2.0: if you are interested you can find the full source code on GitHub. Last but not least, this application is totally developed in Rust: a modern programming language to build efficient and reliable software, emphasizing performance and safety. Sniffnet key features choose a network adapter of your PC to inspect select a set of filters to apply to the observed traffic view overall statistics about your Internet traffic view real-time charts about traffic intensity keep an eye on your network even when the application is minimized export comprehensive capture reports as PCAP files identify 6000+ upper layer services, protocols, trojans, and worms find out domain name and ASN of the hosts you are exchanging traffic with identify connections in your local network discover the geographical location of the remote hosts save your favorite network hosts inspect each of your network connections in real time set custom notifications to inform you when defined network events occur choose the style that fits you the most, including custom themes support ... and more! Sniffnet 1.4.0 changelog: New features Import PCAP files (#795 — fixes #283) Enhanced notifications (#830 — fixes #637) Donut chart reporting overall traffic statistics (#756 — fixes #687) Added support for ARP protocol (#759 — fixes #680) Identify and tag unassigned/reserved "bogon" IP addresses (#678 — fixes #209) Show data agglomerates in Inspect page table (#684 — fixes #601) Added Traditional Chinese (Taiwan) translation 🇹🇼 (#774) Added Indonesian translation 🇮🇩 (#611) A Docker image of Sniffnet is now available (#735) Improvements Added new themes A11y (Night) and A11y (Day) based on palettes optimized for Accessibility (#785 — fixes #786) Do not apply new notification thresholds while user is typing them (#777 — fixes #658) Show more information when domain name is short (#720 — fixes #696) Avoid directory traversal when selecting file name for PCAP exports (#776 — fixes #767) Add icon to window title bar (#719 — fixes #715) Update footer buttons and links (#755 — fixes #553) Handle errors to reduce the number of possible crash occurrences (#784) Updated some of the existing translations to v1.3: Portuguese (#690) Ukrainian (#692) Spanish (#805) Fixes Fix crates.io package for Windows (#718 — fixes #681) Fix crash when inserting characters longer than one byte in the text input for byte threshold notification setting (#747 — fixes #744) Remove pre-uninstall script on Linux (fixes #644) Fix typo in Russian translation (fixes #730) Minor fix to service determination algorithm in case of multicast and broadcast traffic Download: Sniffnet 64-bit | Sniffnet 32-bit ~15.0 MB (Open Source) Link: Sniffnet Home Page | Other operating systems | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Anker announces global recall of five power bank models over fire safety risks by Aditya Tiwari The Chinese electronics brand, Anker Innovations, known for its mobile accessories and power banks has announced a voluntary global recall of five power bank models. The decision comes after the company spotted a potential fire hazard issue with lithium-ion battery cells from a particular vendor. Anker said that it put up a series of quality checks to detect manufacturing issues early in the production cycle, which include component level-audits and supplier testing. The company assured that "while the likelihood of malfunction is considered minimal, out of an abundance of caution, we have decided to initiate a voluntary global recall of several Anker power bank models." Here's the list of the Anker Power Bank models chosen for the global recall: Model A1257 - Anker Power Bank (10K, 22.5W) Model A1647 - Anker Power Bank (20,000mAh, 22.5W, Built-In USB-C Cable) Model A1652 - Anker MagGo Power Bank (10,000mAh, 7.5W) Model A1681 - Anker Zolo Power Bank (20K, 30W, Built-In USB-C and Lightning Cable) Model A1689 - Anker Zolo Power Bank (20K, 30W, Built-In USB-C Cable) If you think you own one of the affected power banks, you can check the model number located on the back or side of your power bank. After that, you can fill out the recall form to start the process and verify the serial number of your affected device. If your power bank is eligible for the recall, you can either get a replacement or receive a gift card for use on the Anker website. It's not offering any refunds in the US at the moment. Anker advises that you should stop using an impacted power bank immediately even if the device functions normally right now. A unit confirmed for the recall could pose the risk of overheating, melting, smoke, or fire. This is the second major recall from Anker in the same month after more than a dozen reports of fires and explosions. The company previously recalled over one million Anker PowerCore 10000 (A1263) power bank units, citing fire safety risks due to a potential issue with the Lithium-ion battery. These power banks were sold in the US from January 1, 2016 through December 31, 2022.
  • Recent Achievements

    • Collaborator
      Mighty Pen went up a rank
      Collaborator
    • Week One Done
      emptyother earned a badge
      Week One Done
    • Week One Done
      DarkWun earned a badge
      Week One Done
    • Very Popular
      valkyr09 earned a badge
      Very Popular
    • Week One Done
      suprememobiles earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      567
    2. 2
      +FloatingFatMan
      189
    3. 3
      ATLien_0
      176
    4. 4
      Skyfrog
      112
    5. 5
      Xenon
      110
  • Tell a friend

    Love Neowin? Tell a friend!