My home network never had the UPnP vulnerability, how to test your home's router

Posted by Paul Braren on Feb 5 2013 in
  • HowTo
  • Network

UPnP might be running on your router's Internet (WAN) port. Here's an excerpt from the wiki article on Universal Plug and Play, explaining what UPnP was intended to do:

    seamlessly discover each other's presence on the network and establish functional network services for data sharing, communications, and entertainment

    Why on earth would you want that on the outside of your home network? Short answer, you don't.

    Last year, the big WiFi Protected Setup issue hit the news. This year, this week, it's UPnP (Universal Plug and Play) that's got my attention. Knowing that I had turned off UPnP on my home and family's routers for at least the last 6 years, I didn't give it much thought. There are ways to get similar functionality without UPnP, which admittedly take a bit more work, involving setting up the right port forwarding.

    Then I heard Security Now 389 Unplug UPnP and This Week in Enterprise Tech 28, learning from Steve Gibson that turning off UPnP in your router's interface might only turn off the UPnP feature on the LAN side, not the WAN side. So it was time to do a look-up on my chosen router, the Cisco E4200 v1 router, discussed in many of my articles.

    Seems I'm in the clear, looking at the list of vulnerable routers at the bottom of this article:
    Title: Information regarding US CERT Vulnerability Note VU#922681 – Portable SDK for UPnP Devices (libupnp) contains multiple buffer overflows in SSDP
    Article ID: 28341, Original Release date: 29 Jan 2013 | Last revised: 01 Feb 2013

    but tested my WAN port's vulnerability anyway, using the very reputable GRC (Gibson Research Corporation) ShieldsUP! free scan done here:
    GRC's “Instant UPnP Exposure Test”
    and yes, I do seem to be all set.
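What an exposure test of this kind looks for is a reply to a UPnP discovery (SSDP) request. The following Python is an added example, not part of the original post and not GRC's code: it sends one discovery request to an address you give it and reports whether anything answers. The function names and the sample reply are constructed for illustration.

```python
import socket
import sys
SSDP_PORT = 1900  # UDP port of SSDP, the discovery protocol UPnP uses

# Constructed sample reply (not captured from a real device).
SAMPLE_REPLY = (
    b"HTTP/1.1 200 OK\r\n"
    b"LOCATION: http://192.168.1.1:49152/rootDesc.xml\r\n"
    b"SERVER: Linux/0.0, UPnP/1.0, Portable SDK for UPnP devices/0.0.0\r\n\r\n")

def build_msearch(host):
    """Unicast SSDP discovery request asking any UPnP root device to answer."""
    return ("M-SEARCH * HTTP/1.1\r\n"
            f"HOST: {host}:{SSDP_PORT}\r\n"
            'MAN: "ssdp:discover"\r\n'
            "MX: 1\r\nST: upnp:rootdevice\r\n\r\n").encode("ascii")

def parse_ssdp_response(data):
    """Return the status line and lower-cased headers, or {} if not HTTP-like."""
    lines = data.decode("latin-1").splitlines()
    if not lines or not lines[0].upper().startswith("HTTP/"):
        return {}
    reply = {"status": lines[0].strip()}
    for line in lines[1:]:
        name, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            reply[name.strip().lower()] = value.strip()
    return reply

def probe(host, timeout=3.0):
    """Send one discovery request to host; {} means nothing answered in time."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_msearch(host), (host, SSDP_PORT))
            data, _ = sock.recvfrom(4096)
        except OSError:  # timeout, or the host refused the packet
            return {}
    return parse_ssdp_response(data)

def assess(reply):
    """Summarise a reply; libupnp names itself 'Portable SDK for UPnP devices'."""
    if not reply:
        return "no UPnP discovery reply"
    server = reply.get("server", "unknown")
    flag = " (libupnp, see VU#922681)" if "portable sdk for upnp" in server.lower() else ""
    return f"EXPOSED: answers SSDP as {server!r}{flag}"

if __name__ == "__main__":  # optional argument: address of your own router
    print(assess(probe(sys.argv[1]) if sys.argv[1:] else parse_ssdp_response(SAMPLE_REPLY)))
```

Run from inside your LAN, this checks the router's LAN side only; to check the WAN side, run it from a host outside your network against your own public IP address.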


    Here are some more articles about the potential issue that are good places to start when checking for yourself and for your friends and family.

    Posted by HD Moore in Information Security on Jan 29, 2013 1:05:19 AM

    This paper is the result of a research project spanning the second half of 2012 that measured the global exposure of UPnP-enabled network devices. The results were shocking to say the least. Over 80 million unique IPs were identified that responded to UPnP discovery requests from the internet. Somewhere between 40 and 50 million IPs are vulnerable to at least one of three attacks outlined in this paper. The two most commonly used UPnP software libraries both contained remotely exploitable vulnerabilities.

    CERT Vulnerability Note VU#922681
    Portable SDK for UPnP Devices (libupnp) contains multiple buffer overflows in SSDP, Original Release date: 29 Jan 2013 | Last revised: 01 Feb 2013