UPnP Vulnerability
quote: During the security analysis, we have discovered remote preauth format string vulnerability in Broadcom UPnP stack. Vulnerability can be exploited to write arbitrary values to arbitrary memory address, and also to remotely read router memory. When properly exploited, it allows unauthenticated attacker to execute arbitrary code under root account.
Source: »news.softpedia.com/news/DefenseC···31.shtml
So now we know why the Actiontec's firmware is so terrible. Telus is trying to protect us by having the UPnP daemon crash so that we can't be hacked.
Anyone who knows how to port forward who is using UPnP may want to look at disabling UPnP and forwarding any ports you need instead. The Actiontec is on the list of vulnerable hardware. |
|
 | Will Telus be releasing a firmware update for the V1000H to patch this vulnerability? |
|
 jtl999 Classified CEO join:2012-11-24 | reply to ruiner Let's just get our own modems. |
|
 pfak Premium join:2002-12-29 Vancouver, BC | reply to Tornado15550
said by Tornado15550: Will Telus be releasing a firmware update for the V1000H to patch this vulnerability?
In 6 months time ..
-- The more I C, the less I see. |
|
 | reply to ruiner @jtl999 - Aren't you still with Shaw? @pfak - It takes that amount of time just for the red tape  |
|
 | reply to ruiner I so do hate certain 'automated' things for computing. Some things are so simple, yet they add a 'convenience button' to make it so tech support doesn't have to come and hold the consumer's hand every day. And it's these magic buttons that they keep finding security flaws with.
Idiocracy, we are almost there. »www.imdb.com/title/tt0387808/
Hey, it could be worse. Some ISPs in the U.S. are now charging a fee for 'wireless' on the gateway (modem/router) units.
But at least when you refuse to pay the wireless 'fee' they bridge the gateway so you can easily use your own router, until a system glitch disables the bridge. |
|
 StarBuck join:2011-01-16 Port Coquitlam, BC | reply to ruiner People still use Universal Plug and Pray? Hasn't it been a known hole for years? Since 2003 ..... First thing I always do with new equipment is to disable it (UPnP) and I thought everyone did that. Oh and let's not forget about SSDP.... |
|
 | I thought that was with WPS. I disabled WPS as soon as I got my V1000H as it too has a vulnerability, right? And that should also be patched in the next firmware update!!  |
|
 jtl999 Classified CEO join:2012-11-24 | reply to nss_tech Switching soon when TekSavvy DSL has 50mbps. It appears that will happen in the worst case in the summer according to several employees. |
|
 | reply to pfak
said by pfak: said by Tornado15550: Will Telus be releasing a firmware update for the V1000H to patch this vulnerability? In 6 months time ..
Will that allow for a faster than 76/12 sync with PhyR on? |
|
 Exand join:2001-10-28 Canada | reply to ruiner You can run a scan to see if your UPnP is vulnerable: »www.grc.com/default.htm (Halfway down the page, UPnP Exposure Test) |
|
 | "THE EQUIPMENT AT THE TARGET IP ADDRESS DID NOT RESPOND TO OUR UPnP PROBES! (That's good news!)"
Running Actiontec V1000H with latest unmodified firmware, and UPnP enabled.  |
|
 umm @videotron.ca | reply to Exand That test is *not* meant for this specific upnp exploit. |
|
 | said by umm: That test is *not* meant for this specific upnp exploit.
Yes it is. A new test was recently added to the Shields Up page to test specifically for this exploit (not to be confused with GRC's earlier Unplug n' Play utility, which is designed for UPNP on a Windows system, not the router). |
|
 Exand join:2001-10-28 Canada | reply to umm
said by umm: That test is *not* meant for this specific upnp exploit.
As peternm22 said, it's been updated since the old version. |
|
 | reply to Tornado15550 The DefenseCode article said the Actiontec is vulnerable and that a lot of routers expose UPnP on their WAN interface. They didn't specifically say which routers do though, so that is good to know.
My Actiontec is bridged with UPnP disabled already before the bridge so I couldn't test it. Being a LAN side exploit reduces the severity a lot. |
|
 | Very true, but actually patching the vulnerability completely would provide peace of mind for a lot of users. Of course, IF the V1000H model is vulnerable (as you said, they didn't specify the router models that were affected). |
|