UPnP flaws place millions of networks in danger

Rick

Rick

Posts: 4,512   +66
Staff

Several security vulnerabilities found within common UPnP implementations have prompted experts at Rapid 7 to recommend the public disable UPnP entirely. Research spanning several months in 2012 revealed that over 2 percent -- or about 50 million -- of all IPv4 accessible networks suffer from one of just three flaws outlined in the paper (there are eight flaws in total). These vulnerabilities enable hackers to remotely access networks or even execute code. In fact, one remote code execution bug affects 23 million networks and can be triggered by the transmission of a single UDP packet.

UPnP is a zero-config technology that allows software and devices to automagically trigger the opening and forwarding of ports on managed network equipment (e.g. gateway, router, commercial switches). At home, UPnP is particularly useful for game servers, file sharing and P2P applications -- essentially any service that depends on incoming connections but doesn't utilize a mediation server. Without UPnP, users must manually configure port forwarding and IP address assignment via their router and firewall administration utilities.

According to security researchers, 81 million unique IPv4 addresses responded to remote UPnP discovery requests. Of those 81 million, about 20 percent allowed SOAP access -- an unsettling result when you consider this allowance can permit hackers remote access to networked devices behind a router. Possible exploits include stack overflows, remote code execution and unauthorized access to network management interfaces and even the networks themselves.

Portable UPnP, one of the four major UPnP libraries affected, released a patch today which resolves these troublesome exploits. However, it's up to equipment vendors (e.g. D-Link, Linksys etc..) to incorporate such security fixes into their firmware and distribute it to their users. For this reason, many devices that are no longer supported will remain unprotected indefinitely.

Not sure if your equipment is affected by one of the flaws? Rapid7 is offering a free utility to verify the safety of your network's UPnP implementation. There have been numerous complaints about downloading, installing and running this scanner though: your mileage may vary until they get the bugs worked out. If you're unsure or don't want to take any chances, disabling UPnP is probably the way to go.

Permalink to story.

https://www.techspot.com/news/51472-upnp-flaws-place-millions-of-networks-in-danger.html

 
I've never allowed UPnP at the gateway router and
for those on Win/7, the Firewall Advance Settings->Network Discovery (UPnP-in) can be further restricted
by setting the Scope to your Local Lan
(properties-> Scope Tab -> (*) These IP addresses -> add -> local subnet)

UPnP has ALWAYS been an issue.
 
  • Like
Reactions: MrBlkfx1
jobeard said:
UPnP has ALWAYS been an issue.
Click to expand...

For being "automagical", I've always found it cantankerous.

I actually re-visited UPnP in recent years to get WiFi sync working between iTunes and my iPhone... It just cemented my previous experiences. Sometimes it would work... sometimes it wouldn't... I'm sure it works fine for many people with many different routers etc.. but I've officially given up on UPnP.

I'm also someone who takes comfort in being explicit and deliberate when it comes to configuring devices... I leave it disabled and will likely continue to do so for some time.
 
jobeard said:
I've never allowed UPnP at the gateway router and
for those on Win/7, the Firewall Advance Settings->Network Discovery (UPnP-in) can be further restricted
by setting the Scope to your Local Lan
(properties-> Scope Tab -> (*) These IP addresses -> add -> local subnet)

UPnP has ALWAYS been an issue.
Click to expand...


Great tip will look into this tonight.

Question also say you want to use UPNP so it configures the port for the application you are trying to setup but then disabled after its configured. Would it be ok to use it on a per application basis then turn it off when not needed?
 
That would work, but what a pain to keep track of :(

There's also the issue of knowing what need to be configured - - sometimes it's more than just one application.
 
I disabled UPnP almost a year ago when I kept getting disconnected from BF3 servers, and saw disabling UPnP as a fix, and it worked!

"Without UPnP, users must manually configure port forwarding and IP address assignment via their router and firewall administration utilities."

Not me. I have zero ports manually configured with UPnP Disabled in my Thompson Modem/router, and torrents and online gaming are trouble free. Hmm, I just looked at settings again... is Automatic Port Mapping in uTorrent a workaround for forwarding ports manually with UPnP disabled?
 
hahahanoobs said:
I disabled UPnP almost a year ago when I kept getting disconnected from BF3 servers, and saw disabling UPnP as a fix, and it worked!

"Without UPnP, users must manually configure port forwarding and IP address assignment via their router and firewall administration utilities."

Not me. I have zero ports manually configured with UPnP Disabled in my Thompson Modem/router, and torrents and online gaming are trouble free. Hmm, I just looked at settings again... is Automatic Port Mapping in uTorrent a workaround for forwarding ports manually with UPnP disabled?
Click to expand...
Without UPnP or ports forwarded, your torrents would not be able to connect to another person who has the same configuration as you. Referred to as whether you are "connectable" or not.

UPnP is just another technology that should have been aborted at birth. Like ActiveX and WPS. When you consider the security holes and access it gives to unauthorised parties, it is just a bad idea. I've disabled it from day dot on every router that has had the feature because it just stunk.
 
WTF!

Rapid seven want my full name, phone number, job title and company, amoungst other things, just to use this utility.


What a crock...
 
Lionvibez said:
I just ran this tool on my network which has UPnP enabled and I got:
Click to expand...
Just means your UPnP does not have the exploit that the tool checks for. So you aren't susceptible to *this* problem.

One of the main reasons I don't like UPnP is that if malicious code runs on a machine in your network, it can use UPnP to open a port to the outside world and do things like act as a server for botnets and so on. Take commands etc. It's just a *really* dumb idea to give arbitrary software that kind of power.
 
Darth Shiv said:
main reasons I don't like UPnP is that if malicious code runs on a machine in your network, it can use UPnP to open a port to the outside world and do things like act as a server for botnets and so on. Take commands etc. It's just a *really* dumb idea to give arbitrary software that kind of power.
Click to expand...
This is the exact reason I've given for disabling UPnP in the last decade...
I always knew a vulnerability like this one we see today would come, I'm actually surprised it took so long!
 
UPnP should not be disabled if u host servers (ftp access, public game servers, Winamp radio stations ,etc.) on certified high quality modem/routers (Cisco, Linksis (Cisco again lol) D-Link, NetGear and Asus) especially if u are not a power user, no hacker could access your router, unless the firmware is outdated (professional brands have this auto-updated) and u messed with the settings (firewall disabled, ports left open without filtering)...

UPnP service should be disabled if u are a power user and want to control the whole scene.
 
havok585 said:
UPnP should not be disabled if u host servers (ftp access, public game servers, Winamp radio stations ,etc.) on certified high quality modem/routers (Cisco, Linksis (Cisco again lol) D-Link, NetGear and Asus) especially if u are not a power user, no hacker could access your router, unless the firmware is outdated (professional brands have this auto-updated) and u messed with the settings (firewall disabled, ports left open without filtering)...

UPnP service should be disabled if u are a power user and want to control the whole scene.
Click to expand...
Personally I would highly recommend anyone running dedicated servers to learn port forwarding rather than touch UPnP.
 
You must log in or register to reply here.

Similar threads

A
Some QNAP NAS devices affected by a critical vulnerability, updates available right now
Replies
4
Views
180
Puiu
Puiu
A
VMware forced to patch dangerous vulnerabilities in discontinued products
Replies
0
Views
112
Alfonso Maruccia
A
A
Consumer Reports finds dangerous security vulnerabilities in cheap doorbell cameras
Replies
11
Views
298
Watzupken
W

Latest posts

Back