Asus RT-N66U also effected: UPnP flaws expose 50 million devices to attack, ...

[joegreat]

Hi,

"Millions of consumer devices using the ubiquitous Universal Plug and Play (UPnP) protocol, including routers, printers, media servers and webcams, are vulnerable to a cocktail of dangerous security vulnerabilities, pen-testing outfit Rapid7 has discovered."

Full article can be found here.

Windows users could download the free and simple ScanNow tool to check for vulnerable endpoints.

The scan showed that also our Asus Router is also effected by the bad UPnP implementation.
I really wonder why the hell UPnP is exposed to the internet by the routers?

With kind regards
Joe

 

[ChrisR]

Check out this thread:
http://forums.smallnetbuilder.com/showthread.php?t=9722

 

[KevTech]

You have to make sure it says exploitable not just identified.

I have UPnP enabled and the routers IP is identified as having UPnP but if you look at exploitable it comes up zero.

 

[RogerSC]

I'm not going to install Java so that I can run the scanner *smile*, but seems like turning off UPNP might help, too. There's also a WPS exploit, not sure where Asus routers stand on that one, either. So I keep that turned off as well *smile*.

 

[RMerlin]

You have to make sure it says exploitable not just identified.

I have UPnP enabled and the routers IP is identified as having UPnP but if you look at exploitable it comes up zero.

Does that test only scans from inside your LAN? If that's the case, then it's half meaningless. What would be far more important is whether it's exploitable on the WAN side. Cause if someone already has LAN access, then you already have far more pressing security concerns than uPNP

 

[RMerlin]

I'm not going to install Java so that I can run the scanner *smile*, but seems like turning off UPNP might help, too. There's also a WPS exploit, not sure where Asus routers stand on that one, either. So I keep that turned off as well *smile*.

Considering a description of the WPS exploit is even written down in the Asuswrt source code comments, I assume it means it was fixed long ago (unless you're referring to a different attack vector).

 

[CaptainSTX]

You have to make sure it says exploitable not just identified.

I have UPnP enabled and the routers IP is identified as having UPnP but if you look at exploitable it comes up zero.

I got the same result when I tested so I don't see a problem.

 

[NipponBill]

howto turn off Upnp

Here's a super-noob question...

How and where do you turn off Upnp on the RT-N66U?

 

[KevTech]

Here's a super-noob question...

How and where do you turn off Upnp on the RT-N66U?

http://192.168.1.1/Advanced_WAN_Content.asp

 

[NipponBill]

Thanks!

http://192.168.1.1/Advanced_WAN_Content.asp

Thank you! I was stumbling through those screens and going right past that. UPnP OFF!

 

[joegreat]

For those who want independent confirmation

For those who want independent confirmation, or who also run other model routers: Check this thread for a posting by user MintyTrebor: A probe for these vulnerabilities is online avaliable (no install or registration required, all done from a web page).

With kind regards
Joe

My results are:

Your equipment at IP: xxx.yyy.zzz.nnn

Is now being queried:
THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!
(That's good news!)

 

[redpants]

lol this was news back when windows 95 was released. I've had upnp disabled ever since.. yes im cool