Some Older Linksys Routers allow UPnP Configurable from the net


Recommended Posts

Some Older Linksys Routers allow UPnP Configurable from

update the firmware or disable UPnP immediately!

  Quote

Routers from various manufacturers support UPnP (Universal Plug and Play) on their WAN interfaces, which apparently makes it possible for attackers to reconfigure them remotely via the internet and, for example, misuse them as surfing proxies or to infiltrate internal LANs. The problem was discovered by IT security specialist Daniel Garcia, who has developed the Umap tool to demonstrate the problem; the tool is available to download free of charge.

Umap detects UPnP-enabled end devices such as DSL routers and cable modems on the internet by directly retrieving the devices' XML descriptions. The required URLs and ports for some models are hard-coded into the tool. This enables the software to bypass the usual restriction that only allows UPnP to search for compatible hardware via multicast in local networks. Garcia says that entire device series by Edimax, Linksys, Sitecom or Thomson (SpeedTouch) respond to UPnP requests on their WAN interfaces.

Since UPnP isn't designed to include any authentication, the XML description can always be retrieved. Garcia said that, by performing an internet scan, he managed to detect 150,000 potentially vulnerable devices within a short period of time. Once initial contact has been made, the scanner sends such UPnP commands as AddPortMapping or DeletePortMapping to the devices via SOAP requests. LAN devices usually use these commands to access the internet via NAT. However, the devices from the manufacturers in question allow the port to be opened ? and redirected to any other LAN device ? via the WAN interface. Umap attempts to guess the internal IP address that is required to do so.

http://www.h-online.com/security/news/item/UPnP-enabled-routers-allow-attacks-on-LANs-1329727.html

  On 27/08/2011 at 19:43, littleneutrino said:

been disabled for rather some time. :p

Ya but what about the millions of users of Linksys routers that just plug it in and go.

  On 27/08/2011 at 19:46, HawkMan said:

Keeping upnp on because it's convenient, and keeping the firewalls on only computers because there's no reason to not have them on.

And overly sensationalist.

What if you were behind a linksys router, had UPnP and had folder shares setup on your network. Then a guy on the net configures your UPnP to allow folder shares accessible on the net?

  On 27/08/2011 at 19:32, warwagon said:

***WARNING!*** Linksys Routers UPnP is Configurable from the net

disable UPnP immediately!

For some reason this story isn't getting much press. Personally I think this is huge. I had a hard enough time just finding a site that talked about it.

maybe because it's not that big of a deal?

  On 28/08/2011 at 05:07, Ryoken said:

Anyone that has set all their shares to public, is an idiot.

Someone wants to get on my network feel free, you'll get to see that I have shares, but that's it.

The fact a someone on the net can configure your router from the outside and even see your shares should make you feel uneasy. Regardless if they can actually open the shares,

This isn't really a huge deal, because, as it was said before, there are plenty of computers out there not even behind a router. However having your ports open for anyone on the internet isn't a good idea. You could always be caught with a slightly outdated software or exploited with a zero day.

any newb knows not to enable UPnP....</joke>

Joking aside....what a bummer! I mean, I sit behind a netgear router as my primary gateway...a linksys I'm using as a switch...then a linksys I'm using as an access point, with multiple workstations on wifi...even a ps3...and still, don't have to worry about it. Life goes on....(least, for me anyway)

There's probably a large number of people that use Linksys routers with custom firmware. Newer firmware versions have a feature that says "UPnP clients are allowed to add mappings only to their IP". I'd imagine this would protect you from the kind of vulnerability talked about in the article.

Linksys will more than likely fix this in a firmware update. But now many "Average user" upgrade the firmware of their routers?

How many "Average user" also install custom firmware?

So my guess would be we have millions of average users with linksys routers out there that are non the wiser to this issue.

basically what I am getting at is that there are fewer with this issue than you think. Many routers do not enable upnp out of the box....I believe that there are more out there that do not than there are that do. I have run into less than a handful that have had this enabled out of the box. It is the gaming users (xbox, ps3, and possibly the wii users) that have this feature enabled...perhaps being that you have more experiance on the home side than I do in recent years you see different, but I am pretty sure that you have to enable this feature on most or all routers.

  On 29/08/2011 at 20:35, sc302 said:

basically what I am getting at is that there are fewer with this issue than you think. Many routers do not enable upnp out of the box....I believe that there are more out there that do not than there are that do. I have run into less than a handful that have had this enabled out of the box. It is the gaming users (xbox, ps3, and possibly the wii users) that have this feature enabled...perhaps being that you have more experiance on the home side than I do in recent years you see different, but I am pretty sure that you have to enable this feature on most or all routers.

Having to enable it, doesn't that defeat the purpose it was created for? I can see why home user routers would be on by default, and I could also see why business class routers would have it off by default.

  On 29/08/2011 at 20:43, warwagon said:

Having to enable it, doesn't that defeat the purpose it was created for?

how so? disabled for the majority, if you need it you enable it....it is a tick just like wpa is a tick to enable.

  On 29/08/2011 at 20:46, sc302 said:

how so? disabled for the majority, if you need it you enable it.

Ya, but they are Made for the 'Home users" Home users barely know where the address bar is, let alone how to log into their router and enable UPnP :cool:

I don't disagree with. If you need it turned on its a VERY easy thing to do. For the the home user, a not such an east thing to do.

  On 29/08/2011 at 20:48, warwagon said:

Ya, but they are Made for the 'Home users" Home users barely know where the address bar is, let alone how to log into their router and enable UPnP :cool:

very true and that is why you see many routers that have no wireless security and upnp disabled because they kept the defaults.

point being that although it is a flaw, the majority isn't succumed to this flaw being that they don't even know how to get in to it to check it's ip or if it is connected to the internet. the ones who this flaw is subject to are the people who know enough to enable it for whatever reason and should be keeping up on their security and updates.

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • People who don't know how to use a computer to its fullest genuinely fascinate me. Nope, not at all. Either you get it or you don't. Not getting it is not a good reason to speak out.
    • I could not agree more with this article. Except on Linux. I use Windows for functionality first and foremost. Microsoft seems hell bent on removing functionality, though they try to appeal by adding a few new tricks, and re-instating some old tricks. Windows 11 is the Windows that NOBODY asked for. I'll accept that Windows 10 was getting long in the tooth on looks. So, why didn't Microsoft just offer some kind of new skin that you could take or leave? Instead they forced a change that has been extremely hard to swallow for far too many folks in my opinion. I'm 100% on Windows 11 now, but I do take some time to hack the registry a bit to bring back things like the real context menu and some sound controls. Heck, I've considered moving to Apple over this. If I really want functionality hindering OSes, that seems like a better choice at times than Windows 11. Linux still hits me as a toy OS. Great choice for my retro arcade cabinet, but not much else. Everyone says, "wait for Windows 12", but I'm getting tired of waiting for a fully working OS that doesn't destroy my ability to do things day after day. Even more so with updates, which I've always been a fan of updates, but now I see the light in the stupidity that Microsoft unleashes on unsuspecting users. Heaven forbid I want to continue to use Bluetooth as 24H2 destroyed the comm drivers for most of my machines. Had to buy USB dongles to get Bluetooth back. And, Copilot is neat, but not sure why Microsoft feels they need to force feed it to everyone with no recourse for removal. I'm sticking around for now, but my days are numbered as a Microsoft supporter if they continue down the path of insanity they currently are travelling.
    • Save 90% on a 12min Premium lifetime subscription, and power through books by Steven Parker Today's highlighted deal comes via our Apps + Software section of the Neowin Deals store, where you can save 90% on a lifetime premium subscription to 12min Micro Book Library. Power through important books and interesting topics in just 12 minutes each. 12min gives you access to hundreds of micro books in text and narrative form for you to explore. Every month, you'll get 30 new titles that are designed to be read and digested in just 12 minutes so you can learn on the go. Search for any book title in the extensive library or suggest new breakdowns to the 12min experts and they'll add it to the library. You can choose micro books from many different genres, send them to your Kindle Account, and enjoy reading them even while not having internet access. Expand your knowledge despite a busy schedule by reading micro books from different topics Select a book that you want & the 12min team will synthesize it into a short but comprehensive micro book Access micro books in text or audio forms Read anywhere with or without internet connection Good to know Length of access: lifetime This plan is only available to new users Redemption deadline: redeem your code within 30 days of purchase Note: Offer must be redeemed on desktop before being useable on mobile A Premium subscription to 12min normally costs $399.90, but you can pick this up for just $39.99 for a limited time. For a full description, terms and license click the link below. Get a 12min Premium lifetime subscription for just $39.99 (90% off) Although priced in U.S. dollars, this deal is available for digital purchase worldwide. We post these because we earn commission on each sale so as not to rely solely on advertising, which many of our readers block. It all helps toward paying staff reporters, servers and hosting costs. Other ways to support Neowin Whitelist Neowin by not blocking our ads Create a free member account to see fewer ads Make a donation to support our day to day running costs Subscribe to Neowin - for $14 a year, or $28 a year for an ad-free experience Disclosure: Neowin benefits from revenue of each sale made through our branded deals site powered by StackCommerce.
    • The $100 million mark was rejected a couple of days ago.
    • This super-powerful GaN charger with four ports is 50% off by Taras Buria Some time ago, I reviewed the Cuktech 10, a powerful 100W GaN charger with three ports. It left positive impressions, and since then, it has served me as my primary charger for my phone, watch, laptop, and tablet. Recently, Cuktech offered me the opportunity to take a look at the model 15, a more powerful 140W GaN charger, this time, with four ports. Right now, this powerful charger is available with a massive discount at just $50.99 (with coupon applied). The Cuktech 15 is the same as the Cuktech 10, just slightly bigger, more powerful, and with one extra port. It has a light metallic finish, but overall, it retains the brand's identity and features. The four ports are well spaced out, and the black plastic insert with a cyan rim has a ribbed texture for better grips. Although I live in Europe, Cuktech sent me a US variant with a retractable plug. Okay, I guess. The ability to retract the plug makes it extra portable, which is nice. A high-power 240W five-foot cable is also included. The charger measures 3.11 x 2.56 x 1.26 inches and weighs 0.737 lbs. The Cuktech 15 has four ports: two high-power Type-C ports, one Type-C port with a lower output, and one Type-A port. The first two Type-C ports can deliver a full 140W in single-port mode (PD 3.1 supported), which is nice—no asterisk or caveats here with combined power or something. If you need the full 140W for one device, you get it. Ports are capable of working in the following modes: Single-port Type-C1 / C2: 140W max 5V 2A, 5V 3A, 9V 3A, 11V 6.1A, 12V 3A, 15V 3A, 20V 5A, 28V 5A Type-C3: 33W max 5V 2A, 5V 2.4A, 9V 2A, 12V 1.5A, 11V 3A Type-A: 18W max 5V 2A, 5V 3A, 9V 2A, 12V 1.5A Multi-Port Type-C1 + C2: 100W + 33W or 65W + 65W Type-C1/C2 + Type-C3: 100W + 33W Type-C1/C2 + Type-A: 100W + 18W Type-C1 + Type-C2 + Type-C3: 65W + 60W + 7.5W or 45W + 45W + 18W Type-C1 + Type-C2 + Type-C3 + Type-A: 65W + 60W + 7.5W As you can see, the charger is pretty robust, and it can power two pretty powerful laptops at once and even have enough oomph to charge a smartphone, albeit at a lower power. Another thing worth mentioning is that the Cuktech 15 delivers "clean" power with pretty low pulsations at about 25-50 mV. The rule of thumb is that the lower the pulsations, the better the charger is for your device's battery health. In this area, Cuktech's charger does not disappoint, and they deliver way better results than 100 mV, which is considered a standard for a good charger. Cuktech uses gallium nitride technology, which enables smaller, more powerful and efficient charging. Speaking of efficiency, the charger is rated for 78% average or 64% at a 10% load. When charging at 120W, I received an average of 80-85%, which is good. Of course, when charging at peak power, it gets hot, but not too much. The Cuktech 15 140W usually costs $99.99, which is undoubtedly not cheap. However, right now, you can get it for half the price, which is a very good deal, considering you get a high-quality charger with plenty of ports and very high power output. Like with the Cuktech 10, you cannot go wrong with this one. CUKTECH 15 140W four-port GaN charger - $50.99 | 30% off + a 20% off coupon As an Amazon Associate, we earn from qualifying purchases.
  • Recent Achievements

    • One Month Later
      CHUNWEI earned a badge
      One Month Later
    • Week One Done
      TIGOSS earned a badge
      Week One Done
    • First Post
      henryj earned a badge
      First Post
    • First Post
      CarolynHelen earned a badge
      First Post
    • Reacting Well
      henryj earned a badge
      Reacting Well
  • Popular Contributors

    1. 1
      +primortal
      475
    2. 2
      +FloatingFatMan
      195
    3. 3
      ATLien_0
      163
    4. 4
      Xenon
      80
    5. 5
      Som
      76
  • Tell a friend

    Love Neowin? Tell a friend!