Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

UPnP Security Flaws Put Millions of Devices at Risk

wiredmikey (1824622) writes | about a year and a half ago

Networking 0

wiredmikey (1824622) writes "Security researchers from Rapid7 have uncovered that roughly 40-50 million network-enabled devices are at risk due to vulnerabilities in the Universal Plug and Play (UPnP) protocol.

Universal Plug and Play (UPnP) is a set of networking protocols that allows communication between computers and network-enabled devices. It is enabled by default on millions of devices, from routers to printers to IP cameras and network storage servers. UPnP support is also enabled by default on Microsoft Windows, Mac OS X and many distributions of Linux.

In its research, Rapid7 declares (PDF) that the UPnP protocol "suffers from a number of basic security problems" ranging from a lack of authentication implemented by device manufacturers to privileged common programming flaws plague common UPnP software implementations. These issues, the report notes, are endemic across UPnP-enabled applications and network devices.

According to Rapid7's HD Moore, the two most commonly used UPnP software libraries both contained remotely exploitable vulnerabilities. "In the case of the Portable UPnP SDK, over 23 million IPs are vulnerable to remote code execution through a single UDP packet," Moore noted. "All told, we were able to identify over 6,900 product versions that were vulnerable through UPnP. This list encompasses over 1,500 vendors and only took into account devices that exposed the UPnP SOAP service to the internet, a serious vulnerability in of itself."

Moore suggested organizations take immediate action to identify and disable any Internet-exposed UPnP endpoints in their environments."

Link to Original Source

Sorry! There are no comments related to the filter you selected.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?