Security Alert: Disable UPnP on your router!

Monday, February 04, 2013 gc 0 Comments

You should disable UPnP (Universal Plug and Play) on your router.

In case you have not heard, there are about 81 million routers on the internet that can be completely compromised via exposed UPnP—likely including yours. There are known vulnerabilities in UPnP that have been exposed externally by most every router vendor (~1500 vendors). Since it was found to be exposed to 81 million routers combined with known UPnP vulnerabilities, these routers can be easily compromised giving complete control of your network to anyone able to address your router. This is a very serious and widespread security vulnerability!

The main thing that you need to do: make sure that UPnP is not available externally. It could be acceptable to have UPnP enabled internally only, if your router supports it. Xbox live, BitTorrent, Skype, and other apps can benefit or require having it enabled internally.

It all starts with UDP port 1900 (UPnP Simple Service Discovery Protocol).

More details...
Vulnerability Note VU#922681: http://www.kb.cert.org/vuls/id/922681
Security Now (#389: Great explanation): http://twit.tv/show/security-now/389
Computer World: http://blogs.computerworld.com/malware-and-vulnerabilities/21717/check-your-router-now-lex-luthor-does
HD Moore’s blog post (he found it): https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play

Just wanted to help get the information out so you do not get pwned.

You Might Also Like

0 comments: