Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Security The Internet IT Technology

50 Million Potentially Vulnerable To UPnP Flaws 138

Posted by Soulskill from the much-lower-than-expected dept.
Gunkerty Jeb writes "In a project that found more than 80 million unique IP addresses responding to Universal Plug and Play (UPnP) discovery requests, researchers at Rapid7 were shocked to find that somewhere between 40 and 50 million of those are vulnerable to at least one of three known attacks. A Rapid7 white paper enumerated UPnP-exposed systems connected to the Internet and identified the number of vulnerabilities present in common configurations. Researchers found that more than 6,900 product models produced by 1,500 different vendors contained at least one known vulnerability, with 23 million systems housing the same remote code execution flaw. 'This research was primarily focused on vulnerabilities in the SSDP processor across embedded devices,' Rapid7's CSO HD Moore said. 'The general process was to identify what was out there, make a list of the most commonly used software stacks, and then audit those stacks for vulnerabilities. The results were much worse than we anticipated, with the most commonly used software stack (libupnp) also being the most vulnerable.'"
This discussion has been archived. No new comments can be posted.

50 Million Potentially Vulnerable To UPnP Flaws More

50 Million Potentially Vulnerable To UPnP Flaws

Comments Filter:

  • Re:Is it ``hacking'', the way they discovered it? (Score:5, Informative)

    by Anonymous Coward on Wednesday January 30, 2013 @04:11AM (#42735507)

    Their methodology is explained in the report. Halfway through the first page of executive summary you'll find the following:

    UPnP discovery requests were sent to every routable IPv4 address approximately once a week from
    June 1 to November 17, 2012.

  • FYI If you have Verizon FiOS... (Score:5, Informative)

    by eksith ( 2776419 ) on Wednesday January 30, 2013 @04:38AM (#42735613) Homepage

    ...Like I do, you may find the router's UPnP page mysteriously missing from the "Advanced" section of your admin panel. This is a brilliant move on their part to avoid users breaking their skype/game access and then calling tech support.

    But the page itself is still there. Only the link was removed. To get to it, visit : http://192.168.1.1/index.cgi?active%5fpage=900 [192.168.1.1]

    Suck it, Verizon!

  • Re:UPnP is a vulnerability (Score:5, Informative)

    by green1 ( 322787 ) on Wednesday January 30, 2013 @11:29AM (#42737851)

    Almost all routers are not vulnerable, if you are smart enough to uncheck the UPnP box. I haven't seen many where you can't disable it. and as has been pointed out elsewhere. Running a firewall where any malware can request a gapping hole in it sort of defeats the purpose.
    These flaws are already a non-issue to anyone who takes security seriously. The problem is that the average user leaves things as they come from the factory, and they come from the factory vulnerable.

Slashdot Top Deals

2.4 statute miles of surgical tubing at Yale U. = 1 I.V.League

Close