Reply

Massive uPnP security flaw in our routers

o_l_a_v
Aspirant

Massive uPnP security flaw in our routers

According to the security company "Rapid7" there has been found a security flaw in the uPnP system used by router manufacturers: Netgear, dLink, Liksys and others. It is said to might threaten 50 MILLIONS routers worldwide.

Read more about it here:
https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-...

It's recommended to turn uPnP off for now. I don't know if this threaten our WNDR4000, but Netgear def. should be looking into it.
Message 1 of 10
jmizoguchi
Virtuoso

Re: Massive uPnP security flaw in our routers

report the issues to support directly using portal at my.netgear.com
VPN Case Study

VPNCASESTUDY.COM

"Our Second To None VPN Related Setup Case Study[/COLOR][/URL]

"One Stop Solution To Your Netgear VPN Connectivity"

*Visit the site for Non-VPN related Doc & Links* [Windows & Mac user/support]





June Mizoguchi-
Message 2 of 10
sabretooth
Apprentice

Re: Massive uPnP security flaw in our routers

It is suggested that UPnP be disabled in the router anyway for years.
Message 3 of 10
highlogger
Aspirant

Re: Massive uPnP security flaw in our routers

http://www.tomshardware.com/forum/11...ed-wifi-router
The site above has further information and useful links about the flaws in UPnP. The advice given is to turn off UPnP in both router and client.

I found this advice after I'd started having problems....
Message 4 of 10
sabretooth
Apprentice

Re: Massive uPnP security flaw in our routers

highlogger wrote:
http://www.tomshardware.com/forum/11...ed-wifi-router
The site above has further information and useful links about the flaws in UPnP. The advice given is to turn off UPnP in both router and client.

I found this advice after I'd started having problems....


Bad link ^^^
Message 5 of 10
lawnman
Aspirant

Re: Massive uPnP security flaw in our routers

I can not use the remote access in my wd my book live or duo with out UPnP in the dashboard of the wd lives and enabled in my router, which is a 3700v2. The logs will say lan access from remote with addresses from all over the world. When is this going to be fixed? It did work and now my daughter can not use it because of this flaw.
Message 6 of 10
jmizoguchi
Virtuoso

Re: Massive uPnP security flaw in our routers

report the issues to support directly using portal at my.netgear.com
VPN Case Study

VPNCASESTUDY.COM

"Our Second To None VPN Related Setup Case Study[/COLOR][/URL]

"One Stop Solution To Your Netgear VPN Connectivity"

*Visit the site for Non-VPN related Doc & Links* [Windows & Mac user/support]





June Mizoguchi-
Message 7 of 10
lawnman
Aspirant

Re: UPnP Security Vulnerability

I have a netgear 3700v2 and had to disable UPnp. I was being attacked according to the router's logs. Lan Remote Access from addresses from all over the world. I need UPnp enabled to remotely access the my book live duo from western digital. It worked great. My daughter uploads the kids pictures and movies and I store other pictures and movies from the other kids in the family as well. But netgear told me to turn it off. The attacks have definitely slowed down. I get Dos scans of all different types now and then, but nothing like before. Including FIN, RST, ACK, and some other weird one, I can't remember right now. Again much quieter now. It was so bad it took forever to get on line. My mac seems to be ok, but there is no way for me to check it with a virus or trojan or malware scan. It is fast as lightening again, but no more sharing until I can do it safely. Remote access is also shut off in the dashboard of the device. This is why I bought it, to be able to remotely access and share with family. Any advise would be appreciated.
Message 8 of 10
fordem
Mentor

Re: UPnP Security Vulnerability

Manually configure your router as required to suit your needs - all uPnP does is allow the router to be configured by the application, unfortunately, it allows any application to configure the router, which is where the problem lies, you don't know who is doing what.

Give a man a fish, feed him for a day
Teach a man to fish, feed him for life.
Message 9 of 10
Mars Mug
Virtuoso

Re: Massive uPnP security flaw in our routers

Lawnman, stick to this one thread please.
Message 10 of 10
Top Contributors
Discussion stats
  • 9 replies
  • 6900 views
  • 0 kudos
  • 7 in conversation
Announcements

Orbi WiFi 6E