Some Older Linksys Routers allow UPnP Configurable from the net

By +Warwagon
in Back Page News

 Share

Recommended Posts

Grand Master

+Warwagon MVC

Posted
  • MVC
Posted

Some Older Linksys Routers allow UPnP Configurable from

update the firmware or disable UPnP immediately!

  Quote

Routers from various manufacturers support UPnP (Universal Plug and Play) on their WAN interfaces, which apparently makes it possible for attackers to reconfigure them remotely via the internet and, for example, misuse them as surfing proxies or to infiltrate internal LANs. The problem was discovered by IT security specialist Daniel Garcia, who has developed the Umap tool to demonstrate the problem; the tool is available to download free of charge.

Umap detects UPnP-enabled end devices such as DSL routers and cable modems on the internet by directly retrieving the devices' XML descriptions. The required URLs and ports for some models are hard-coded into the tool. This enables the software to bypass the usual restriction that only allows UPnP to search for compatible hardware via multicast in local networks. Garcia says that entire device series by Edimax, Linksys, Sitecom or Thomson (SpeedTouch) respond to UPnP requests on their WAN interfaces.

Since UPnP isn't designed to include any authentication, the XML description can always be retrieved. Garcia said that, by performing an internet scan, he managed to detect 150,000 potentially vulnerable devices within a short period of time. Once initial contact has been made, the scanner sends such UPnP commands as AddPortMapping or DeletePortMapping to the devices via SOAP requests. LAN devices usually use these commands to access the internet via NAT. However, the devices from the manufacturers in question allow the port to be opened ? and redirected to any other LAN device ? via the WAN interface. Umap attempts to guess the internal IP address that is required to do so.

http://www.h-online.com/security/news/item/UPnP-enabled-routers-allow-attacks-on-LANs-1329727.html

Grand Master

+Warwagon MVC

Posted
  • Author
  • MVC
Posted
  On 27/08/2011 at 19:43, littleneutrino said:

been disabled for rather some time. :p

Ya but what about the millions of users of Linksys routers that just plug it in and go.

Grand Master

+Warwagon MVC

Posted
  • Author
  • MVC
Posted
  On 27/08/2011 at 19:46, HawkMan said:

Keeping upnp on because it's convenient, and keeping the firewalls on only computers because there's no reason to not have them on.

And overly sensationalist.

What if you were behind a linksys router, had UPnP and had folder shares setup on your network. Then a guy on the net configures your UPnP to allow folder shares accessible on the net?

Grand Master

rajputwarrior

Posted
Posted
  On 27/08/2011 at 19:32, warwagon said:

***WARNING!*** Linksys Routers UPnP is Configurable from the net

disable UPnP immediately!

For some reason this story isn't getting much press. Personally I think this is huge. I had a hard enough time just finding a site that talked about it.

maybe because it's not that big of a deal?

Grand Master

+Warwagon MVC

Posted
  • Author
  • MVC
Posted
  On 28/08/2011 at 05:07, Ryoken said:

Anyone that has set all their shares to public, is an idiot.

Someone wants to get on my network feel free, you'll get to see that I have shares, but that's it.

The fact a someone on the net can configure your router from the outside and even see your shares should make you feel uneasy. Regardless if they can actually open the shares,

Contributor

j4c3

Posted
Posted

This isn't really a huge deal, because, as it was said before, there are plenty of computers out there not even behind a router. However having your ports open for anyone on the internet isn't a good idea. You could always be caught with a slightly outdated software or exploited with a zero day.

Grand Master

Obi-Wan Kenobi

Posted
Posted

any newb knows not to enable UPnP....</joke>

Joking aside....what a bummer! I mean, I sit behind a netgear router as my primary gateway...a linksys I'm using as a switch...then a linksys I'm using as an access point, with multiple workstations on wifi...even a ps3...and still, don't have to worry about it. Life goes on....(least, for me anyway)

Contributor

darcmage

Posted
Posted

There's probably a large number of people that use Linksys routers with custom firmware. Newer firmware versions have a feature that says "UPnP clients are allowed to add mappings only to their IP". I'd imagine this would protect you from the kind of vulnerability talked about in the article.

Grand Master

+Warwagon MVC

Posted
  • Author
  • MVC
Posted

Linksys will more than likely fix this in a firmware update. But now many "Average user" upgrade the firmware of their routers?

How many "Average user" also install custom firmware?

So my guess would be we have millions of average users with linksys routers out there that are non the wiser to this issue.

Grand Master

sc302 Veteran

Posted
  • Veteran
Posted

basically what I am getting at is that there are fewer with this issue than you think. Many routers do not enable upnp out of the box....I believe that there are more out there that do not than there are that do. I have run into less than a handful that have had this enabled out of the box. It is the gaming users (xbox, ps3, and possibly the wii users) that have this feature enabled...perhaps being that you have more experiance on the home side than I do in recent years you see different, but I am pretty sure that you have to enable this feature on most or all routers.

Grand Master

+Warwagon MVC

Posted
  • Author
  • MVC
Posted
  On 29/08/2011 at 20:35, sc302 said:

basically what I am getting at is that there are fewer with this issue than you think. Many routers do not enable upnp out of the box....I believe that there are more out there that do not than there are that do. I have run into less than a handful that have had this enabled out of the box. It is the gaming users (xbox, ps3, and possibly the wii users) that have this feature enabled...perhaps being that you have more experiance on the home side than I do in recent years you see different, but I am pretty sure that you have to enable this feature on most or all routers.

Having to enable it, doesn't that defeat the purpose it was created for? I can see why home user routers would be on by default, and I could also see why business class routers would have it off by default.

Grand Master

sc302 Veteran

Posted
  • Veteran
Posted
  On 29/08/2011 at 20:43, warwagon said:

Having to enable it, doesn't that defeat the purpose it was created for?

how so? disabled for the majority, if you need it you enable it....it is a tick just like wpa is a tick to enable.

Grand Master

+Warwagon MVC

Posted
  • Author
  • MVC
Posted
  On 29/08/2011 at 20:46, sc302 said:

how so? disabled for the majority, if you need it you enable it.

Ya, but they are Made for the 'Home users" Home users barely know where the address bar is, let alone how to log into their router and enable UPnP :cool:

I don't disagree with. If you need it turned on its a VERY easy thing to do. For the the home user, a not such an east thing to do.

Grand Master

sc302 Veteran

Posted
  • Veteran
Posted
  On 29/08/2011 at 20:48, warwagon said:

Ya, but they are Made for the 'Home users" Home users barely know where the address bar is, let alone how to log into their router and enable UPnP :cool:

very true and that is why you see many routers that have no wireless security and upnp disabled because they kept the defaults.

point being that although it is a flaw, the majority isn't succumed to this flaw being that they don't even know how to get in to it to check it's ip or if it is connected to the internet. the ones who this flaw is subject to are the people who know enough to enable it for whatever reason and should be keeping up on their security and updates.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • 12TB Seagate IronWolf Pro CMR NAS HDD is at its lowest price

      By Fiza Ali · Posted

      12TB Seagate IronWolf Pro CMR NAS HDD is at its lowest price by Fiza Ali The 12TB Seagate IronWolf Pro Internal hard disk drive is currently selling at its lowest price in over two years, so you may want to check it out in case you have been wanting to upgrade your storage solution. The IronWolf Pro is engineered for 24×7 operation in multi‑bay, multi‑user NAS and RAID environments. Utilising conventional magnetic recording (CMR) technology and a 7,200RPM spindle speed, it promises consistent, high‑throughput for long hours. The drive connects via a SATA 6Gb/s interface and supports unlimited drive bays. The IronWolf Pro's 256MB cache further enhances data transfer efficiency. Optimised for RAID arrays, it features Seagate’s AgileArray technology, dual‑plane balancing, and Time‑Limited Error Recovery (TLER), alongside built‑in rotational vibration (RV) sensors to ensure stable operation in multi‑drive setups. Moreover, with a workload rating of 550TB per year and a mean time between failures (MTBF) of 2.5 million hours, this drive is built to withstand demanding commercial and enterprise usage. The drive includes a five‑year limited warranty and three years of complimentary Rescue Data Recovery Services as well. Finally, IronWolf Health Management is integrated into compatible NAS systems to monitor drive health. 12TB Seagate IronWolf Pro HDD: $218.49 (Amazon US) 13% off This Amazon deal is US-specific and not available in other regions unless specified. If you don't like it or want to look at more options, check out the Amazon US deals page here. Get Prime (SNAP), Prime Video, Audible Plus or Kindle / Music Unlimited. Free for 30 days. You can also check out other HDD deals here. For solid-state drives, you can head over to our SSD deals section to see if anything from there matches your requirements. Make sure you also browse through Amazon US, Amazon UK, and Newegg US to find some other great tech deals. As an Amazon Associate, we earn from qualifying purchases.
    • TIFU: Lian Li Dynamic Evo RGB front panel went boom

      By Steven P. · Posted

      Thanks yeah, I have reached out on Lian Li Facebook. I'll use the contact form if I don't get helped there.
    • The $80 video game - A new frontier of cost, or a bridge too far?

      By excalpius · Posted

      It's not about the amount of work. How can you not know that? Game companies charge what the market will bear, not based on what it cost to make. The market will clearly bear any price for a Mario series game because of the huge number fans across many decades. I don't expect Outer Worlds 2 to support that price point with matching huge sales numbers. I guess we'll know soon enough at release.
    • Windows 10 KB5060534, KB5060532, KB5060530, KB5060529 recovery updates released

      By hellowalkman · Posted

      Windows 10 KB5060534, KB5060532, KB5060530, KB5060529 recovery updates released by Sayan Sen Microsoft this week released Patch Tuesday updates for the month of June 2025 on Windows 10 (KB5060533 / KB5060531 / KB5061010 / KB5060998) and Windows 11 (KB5060842, KB5060999). Alongside that dynamic updates for Windows 10 were also published. This time there were no such updates for Windows 11 which is quite rare. Dynamic updates bring improvements to the Windows Recovery in the form of Windows Recovery Environment (WinRE) updates, also called Safe OS updates, as well as to the Setup binaries in the form of Setup updates. These Dynamic Update packages are meant to be applied to existing Windows images prior to their deployment. These packages include fixes to Setup.exe binaries, SafeOS updates for Windows Recovery Environment, and more. Dynamic Updates also help preserve Language Pack (LP) and Features on Demand (FODs) content during the upgrade process. VBScript, for example, is currently an FOD on Windows 11 24H2. Only recovery updates were released. The changelogs are given below: KB5060534: Safe OS Dynamic Update for Windows 10: June 10, 2025 KB5060532: Safe OS Dynamic Update for Windows 10, version 21H2 and 22H2: June 10, 2025 KB5060530: Safe OS Dynamic Update for Windows 10, version 1809 and Windows Server 2019: June 10, 2025 KB5060529: Safe OS Dynamic Update for Windows 10, version 1607 and Windows Server 2016: June 10, 2025 Microsoft notes that the updates will be downloaded and installed automatically via the Windows Update channel. You can also avail them manually on Microsoft's Update Catalog website: KB5060534, KB5060532, KB5060530, and KB5060534.
    • TIFU: Lian Li Dynamic Evo RGB front panel went boom

      By goretsky · Posted

      Hello, I didn't see any replacements listed at https://lian-li.com/product-category/accessories/, but they do have a contact page at https://lian-li.com/contact-us/.  I suspect reaching out to them would produce further information about the availability of a replacement.  Regards, Aryeh Goretsky  

  • Recent Achievements

    • Apprentice
      Wireless wookie went up a rank
      Apprentice
    • Week One Done
      bukro earned a badge
      Week One Done
    • One Year In
      Wulle earned a badge
      One Year In
    • One Month Later
      Wulle earned a badge
      One Month Later
    • One Month Later
      Simmo3D earned a badge
      One Month Later

  • Popular Contributors

    1. 1
      +primortal
      557
    2. 2
      ATLien_0
      256
    3. 3
      +FloatingFatMan
      178
    4. 4
      Michael Scrip
      123
    5. 5
      Steven P.
      97
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!