Critical vulnerability in many routers of various vendors

    As previously reported , DefenseCode discovered a zero-day vulnerability in Cisco Linksys routers. Representatives of the company notified the vendor and took a timeout for a couple of weeks before revealing the details of the vulnerability. Time passed, some details were revealed and it turned out that not only Cisco Linksys was vulnerable.

    Here are just some of the vendors where the vulnerability is present
    • Broadcom
    • Asus
    • Cisco
    • TP-Link
    • Zyxel
    • D link
    • Netgear
    • US Robotics

    We are talking about several vulnerabilities that lie in a number of implementations of the UPnP and SSDP protocol (based on Intel / Portable UPnP SDK and MiniUPnP SDK):
    CVE List
    1. CVE-2012-5958
    2. CVE-2012-5959
    3. CVE-2012-5960
    4. CVE-2012-5961
    5. CVE-2012-5962
    6. CVE-2012-5963
    7. CVE-2012-5964
    8. CVE-2012-5965
    9. CVE-2013-0229
    10. CVE-2013-0230

    Vulnerabilities can cause a denial of service or execute arbitrary code on the device without authorization. And since many routers interact with UPnP through the WAN, this makes them vulnerable not only to attacks from the local network, but also from remote networks. Those. from virtually any Internet computer. Not only routers, but generally any equipment using UPnP may be vulnerable: printers, media servers, IP cameras, NAS, smart TV, etc. Those. we are talking about millions of devices!

    Company rapid7 released a scanner to check their devices for vulnerabilities. Online version is available here .

    I got lucky. And you?

    The IP address from which the user came is checked. Those. Enter an arbitrary address for verification does not work.
    The offline version of the vulnerability scanner can be downloaded here . This scanner supports only Microsoft Windows. Mac OS X and Linux users can use Metasploit for this purpose. An example of using Metasploit:

    $ msfconsole

    msf> use auxiliary / scanner / upnp / ssdp_msearch
    msf auxiliary (ssdp_msearch)> set RHOSTS
    msf auxiliary (ssdp_msearch)> run

    The answer will be something like this: At the moment, it is known that TP-LINK has released a beta version of the firmware , which closes the vulnerability in the TD-W8960N hardware. By the end of February, they plan to release official firmware. As a temporary measure, it is recommended that you turn off UPnP support on network equipment. Related links: 1. List of devices where vulnerabilities are confirmed 2. Rapid7 vulnerability report in UPnP 3. DefenseCode vulnerability report in UPnP UPD: and today it became known about Regular zero-day vulnerabilities in various routers

    [*] SSDP Net-OS 5.xx UPnP/1.0 |
    [+] SSDP miniupnpd/1.0 UPnP/1.0 | vulns:2 (CVE-2013-0229, CVE-2013-0230)

    Also popular now: