Some Older Linksys Routers allow UPnP Configurable from the net


Recommended Posts

Some Older Linksys Routers allow UPnP Configurable from

update the firmware or disable UPnP immediately!

  Quote

Routers from various manufacturers support UPnP (Universal Plug and Play) on their WAN interfaces, which apparently makes it possible for attackers to reconfigure them remotely via the internet and, for example, misuse them as surfing proxies or to infiltrate internal LANs. The problem was discovered by IT security specialist Daniel Garcia, who has developed the Umap tool to demonstrate the problem; the tool is available to download free of charge.

Umap detects UPnP-enabled end devices such as DSL routers and cable modems on the internet by directly retrieving the devices' XML descriptions. The required URLs and ports for some models are hard-coded into the tool. This enables the software to bypass the usual restriction that only allows UPnP to search for compatible hardware via multicast in local networks. Garcia says that entire device series by Edimax, Linksys, Sitecom or Thomson (SpeedTouch) respond to UPnP requests on their WAN interfaces.

Since UPnP isn't designed to include any authentication, the XML description can always be retrieved. Garcia said that, by performing an internet scan, he managed to detect 150,000 potentially vulnerable devices within a short period of time. Once initial contact has been made, the scanner sends such UPnP commands as AddPortMapping or DeletePortMapping to the devices via SOAP requests. LAN devices usually use these commands to access the internet via NAT. However, the devices from the manufacturers in question allow the port to be opened ? and redirected to any other LAN device ? via the WAN interface. Umap attempts to guess the internal IP address that is required to do so.

http://www.h-online.com/security/news/item/UPnP-enabled-routers-allow-attacks-on-LANs-1329727.html

  On 27/08/2011 at 19:43, littleneutrino said:

been disabled for rather some time. :p

Ya but what about the millions of users of Linksys routers that just plug it in and go.

  On 27/08/2011 at 19:46, HawkMan said:

Keeping upnp on because it's convenient, and keeping the firewalls on only computers because there's no reason to not have them on.

And overly sensationalist.

What if you were behind a linksys router, had UPnP and had folder shares setup on your network. Then a guy on the net configures your UPnP to allow folder shares accessible on the net?

  On 27/08/2011 at 19:32, warwagon said:

***WARNING!*** Linksys Routers UPnP is Configurable from the net

disable UPnP immediately!

For some reason this story isn't getting much press. Personally I think this is huge. I had a hard enough time just finding a site that talked about it.

maybe because it's not that big of a deal?

  On 28/08/2011 at 05:07, Ryoken said:

Anyone that has set all their shares to public, is an idiot.

Someone wants to get on my network feel free, you'll get to see that I have shares, but that's it.

The fact a someone on the net can configure your router from the outside and even see your shares should make you feel uneasy. Regardless if they can actually open the shares,

This isn't really a huge deal, because, as it was said before, there are plenty of computers out there not even behind a router. However having your ports open for anyone on the internet isn't a good idea. You could always be caught with a slightly outdated software or exploited with a zero day.

any newb knows not to enable UPnP....</joke>

Joking aside....what a bummer! I mean, I sit behind a netgear router as my primary gateway...a linksys I'm using as a switch...then a linksys I'm using as an access point, with multiple workstations on wifi...even a ps3...and still, don't have to worry about it. Life goes on....(least, for me anyway)

There's probably a large number of people that use Linksys routers with custom firmware. Newer firmware versions have a feature that says "UPnP clients are allowed to add mappings only to their IP". I'd imagine this would protect you from the kind of vulnerability talked about in the article.

Linksys will more than likely fix this in a firmware update. But now many "Average user" upgrade the firmware of their routers?

How many "Average user" also install custom firmware?

So my guess would be we have millions of average users with linksys routers out there that are non the wiser to this issue.

basically what I am getting at is that there are fewer with this issue than you think. Many routers do not enable upnp out of the box....I believe that there are more out there that do not than there are that do. I have run into less than a handful that have had this enabled out of the box. It is the gaming users (xbox, ps3, and possibly the wii users) that have this feature enabled...perhaps being that you have more experiance on the home side than I do in recent years you see different, but I am pretty sure that you have to enable this feature on most or all routers.

  On 29/08/2011 at 20:35, sc302 said:

basically what I am getting at is that there are fewer with this issue than you think. Many routers do not enable upnp out of the box....I believe that there are more out there that do not than there are that do. I have run into less than a handful that have had this enabled out of the box. It is the gaming users (xbox, ps3, and possibly the wii users) that have this feature enabled...perhaps being that you have more experiance on the home side than I do in recent years you see different, but I am pretty sure that you have to enable this feature on most or all routers.

Having to enable it, doesn't that defeat the purpose it was created for? I can see why home user routers would be on by default, and I could also see why business class routers would have it off by default.

  On 29/08/2011 at 20:43, warwagon said:

Having to enable it, doesn't that defeat the purpose it was created for?

how so? disabled for the majority, if you need it you enable it....it is a tick just like wpa is a tick to enable.

  On 29/08/2011 at 20:46, sc302 said:

how so? disabled for the majority, if you need it you enable it.

Ya, but they are Made for the 'Home users" Home users barely know where the address bar is, let alone how to log into their router and enable UPnP :cool:

I don't disagree with. If you need it turned on its a VERY easy thing to do. For the the home user, a not such an east thing to do.

  On 29/08/2011 at 20:48, warwagon said:

Ya, but they are Made for the 'Home users" Home users barely know where the address bar is, let alone how to log into their router and enable UPnP :cool:

very true and that is why you see many routers that have no wireless security and upnp disabled because they kept the defaults.

point being that although it is a flaw, the majority isn't succumed to this flaw being that they don't even know how to get in to it to check it's ip or if it is connected to the internet. the ones who this flaw is subject to are the people who know enough to enable it for whatever reason and should be keeping up on their security and updates.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • I enjoy using Discover Weekly. I have found new music using it. Just sometimes it goes off the rails and doesn't remember I don't like rap. I'm not sure this update is anything helpful, but I guess I'll try it if it comes to free accounts.
    • Yep, I got 250 mbps down / 50 mbps up on Qatar last week and about a 30 ms ping.
    • Here are all the new features added to Microsoft 365 Copilot in June 2025 by Usama Jawad Towards the end of each month, Microsoft publishes a roundup of the features that it added to some of its popular software in the previous four weeks. We have already talked about the new capabilities introduced in Excel and Teams during the month of June 2025, and now, it's time to talk about Microsoft 365 Copilot. We'll start off with admin-facing capabilities since there are only a few of them. For starters, the usage metrics for Copilot in the Copilot Analytics tool now have new prompt categories that give more insights as to how users are engaging with Copilot. This feature has just begun rolling out, but another enhancement to the usage metrics that is already available is dedicated statistics for intelligent meeting recaps. Finally, Microsoft 365 admins can now view and manage their inventory of agents and connectors and also have more granular control over costs and billing policies. On the user side of things, we have intelligent assistance in Copilot Chat, powered by ContextIQ. This layer of intelligence can scope prompts to internal (SharePoint, OneDrive) and external data sources, find files in the chat, and proactively offer relevant suggestions as you type. In the same vein, the Copilot mobile app is being updated so you can talk to the AI in a natural manner using your voice. In addition, users can also get access to deep reasoning agents such as Researcher and Analyst for more complex and research-oriented needs. The Create experience in the app is also being updated with the ability to generate stories and branded templates. Other interesting Copilot capabilities rolling out to Edge customers are the ability to prompt the AI through the search bar, access agents from within the browser, and take advantage of Copilot's impressive text summarization capabilities. That's not all though, other features in tow include: Enhancements to Copilot in Outlook: Schedule meetings through Copilot chat, summarization of email attachments, a new sidebar experience in the classic Outlook app, meeting preparation, and automated meeting invite creation Improved image generation and large file handling in Copilot Chat: More photorealistic image generation with better text depiction, ability to generate longer summaries from bigger files, and PDF scanning capabilities for insights Memory in Copilot: Copilot will now remember certain items from your conversation and you can modify or delete them Transferred calls summary with Copilot in Teams Phone: Generate a summary of a call and transfer it to a target New file extension for Copilot Pages: Copilot Pages will now have .page extension with an updated file icon Copilot Notebooks availability in OneNote: We already covered this in detail here Seamlessly add brand-approved images with Copilot in PowerPoint: Integration of Copilot with SharePoint Organization Asset Library (OAL) and Templafy asset libraries Explain formulas on the grid with Copilot in Excel: Self-explanatory, exactly what it says on the tin Expanded availability for the Microsoft 365 Copilot app: Availability of the Microsoft 365 Copilot app on Mac You can read more details about each of the aforementioned features here.
    • Damn, I blocked OldGuru a long time ago and you have to go and quote them so I have to read that creepy a$$ take. LOL Anyway 100% that dude can't find women that will have sex with him.
    • OneNote for Windows gets support for Dynamic DPI by Usama Jawad OneNote for Windows (part of Microsoft 365) is a pretty useful app if you're actively engaged in note-taking activities and also appreciate some rich text formatting capabilities. In fact, it also offers some decent integrations with Copilot, which make it an important piece of software in productivity-based environments. Now, Microsoft has introduced a feature that will likely make people with multi-monitor setups very happy. The OneNote for Windows application now supports Dynamic DPI (dots per inch). What this means is that you can use OneNote across any screen and it will scale according to the display's resolution, and you won't get a disconcerting and distracting blurring effect. You can extend your display to a high-resolution monitor and shift OneNote across displays without a hitch or any distraction. This is similar to the UX that is already present in Word, Excel, and PowerPoint. This Dynamic DPI support not only extends to the main text area but also to the section tabs, the Notebooks pane, drop-down menus, and Copilot Notebooks. All of these should look crisp and polished moving forward, without any manual adjustment or even an app restart required from the user's side. Microsoft has highlighted that it was encouraged to work on this capability after receiving user feedback from customers in this area. Dynamic DPI is now available to Current Channel (CC) customers on OneNote for Windows, running Version 2504 (Build 16.0.18827.20042) or later. That's not all, though. Another smaller enhancement present in OneNote moving forward is a revamped setup experience when you launch OneNote on a new Windows device for the first time. You will now receive a list of your five most recently used (MRU) notebooks that will open instantaneusly with a click. If you have more than five notebooks, you can pick and choose the files that you want to open. That said, Microsoft is looking to expand and improve on this experience in the future since it is fairly limited right now.
  • Recent Achievements

    • Week One Done
      dennis Nebeker earned a badge
      Week One Done
    • One Year In
      timothytoots earned a badge
      One Year In
    • One Month Later
      CHUNWEI earned a badge
      One Month Later
    • Week One Done
      TIGOSS earned a badge
      Week One Done
    • First Post
      henryj earned a badge
      First Post
  • Popular Contributors

    1. 1
      +primortal
      464
    2. 2
      +FloatingFatMan
      194
    3. 3
      ATLien_0
      163
    4. 4
      Xenon
      78
    5. 5
      Som
      73
  • Tell a friend

    Love Neowin? Tell a friend!