See also Rapid7 blog and US-CERT.This whitepaper details research conducted by Rapid7, which reveals that around 40-50 million network-enabled devices are at risk due to vulnerabilities found in the Universal Plug and Play (UPnP) protocol. UPnP enables devices such as routers, printers, network-attached storage (NAS), media players and smart TVs to communicate with each other. The paper investigates how three groups of security flaws relating to the UPnP protocol are exposing millions of users to attacks that could lead to a remote compromise of the vulnerable device.
We strongly recommend people to check whether they may be vulnerable, and if so, disable the UPnP protocol in any affected devices. Further details on mitigation strategies are included in the executive summary section at the front of the attached whitepaper. The document also includes details on the methodology of the research, breakdown and analysis of the findings and insights into the implications.
UPnP: Unplug, Don't Play
UPnP: Unplug, Don't Play
Whitepaper: Security Flaws in Universal Plug and Play: Unplug, Don't Play.
-
BUBBALOU
- DBB Benefactor
- Posts: 4198
- Joined: Tue Aug 24, 1999 2:01 am
- Location: Dallas Texas USA
- Contact:
Re: UPnP: Unplug, Don't Play
SPLOITZ!
Turn off UPnP on your Router and block any negotiations(most routers)
For external use only - intranet protocols are still active
Or
For those routers that block both internal and external UPnP protocols
If you are into streaming DLNA (apple TV/Xbox) and such
At the minimum block external router ports
UDP port 1900 and TCP port 2869
Turn off UPnP on your Router and block any negotiations(most routers)
For external use only - intranet protocols are still active
Or
For those routers that block both internal and external UPnP protocols
If you are into streaming DLNA (apple TV/Xbox) and such
At the minimum block external router ports
UDP port 1900 and TCP port 2869
I seem to have a better workout dodging your stupidity than attempting to grasp the weight of your intelligence.