Asus RT-N66U also effected: UPnP flaws expose 50 million devices to attack, ...

Discussion in 'ASUS N Routers & Adapters' started by joegreat, Jan 30, 2013.

  1. joegreat

    joegreat Senior Member

    Joined:
    Jan 9, 2013
    Messages:
    481
    Location:
    Vienna, Austria
    Hi,

    "Millions of consumer devices using the ubiquitous Universal Plug and Play (UPnP) protocol, including routers, printers, media servers and webcams, are vulnerable to a cocktail of dangerous security vulnerabilities, pen-testing outfit Rapid7 has discovered."

    Full article can be found here. :confused:

    Windows users could download the free and simple ScanNow tool to check for vulnerable endpoints. :rolleyes:

    The scan showed that also our Asus Router is also effected by the bad UPnP implementation.
    I really wonder why the hell UPnP is exposed to the internet by the routers? :mad:

    With kind regards
    Joe :cool:
     
  2. ChrisR

    ChrisR Regular Contributor

    Joined:
    Jan 26, 2013
    Messages:
    57
    Location:
    Netherlands
  3. KevTech

    KevTech Senior Member

    Joined:
    Feb 27, 2012
    Messages:
    367
    Location:
    United States
    You have to make sure it says exploitable not just identified.

    I have UPnP enabled and the routers IP is identified as having UPnP but if you look at exploitable it comes up zero.
     

    Attached Files:

  4. RogerSC

    RogerSC Very Senior Member

    Joined:
    Oct 18, 2009
    Messages:
    1,531
    I'm not going to install Java so that I can run the scanner *smile*, but seems like turning off UPNP might help, too. There's also a WPS exploit, not sure where Asus routers stand on that one, either. So I keep that turned off as well *smile*.
     
  5. RMerlin

    RMerlin Part of the Furniture

    Joined:
    Apr 14, 2012
    Messages:
    12,743
    Location:
    Canada
    Does that test only scans from inside your LAN? If that's the case, then it's half meaningless. What would be far more important is whether it's exploitable on the WAN side. Cause if someone already has LAN access, then you already have far more pressing security concerns than uPNP ;)
     
  6. RMerlin

    RMerlin Part of the Furniture

    Joined:
    Apr 14, 2012
    Messages:
    12,743
    Location:
    Canada
    Considering a description of the WPS exploit is even written down in the Asuswrt source code comments, I assume it means it was fixed long ago (unless you're referring to a different attack vector).
     
  7. CaptainSTX

    CaptainSTX Very Senior Member

    Joined:
    May 2, 2012
    Messages:
    635
    I got the same result when I tested so I don't see a problem.
     
  8. NipponBill

    NipponBill New Around Here

    Joined:
    Sep 15, 2012
    Messages:
    7
    Location:
    Osaka, Japan
    howto turn off Upnp

    Here's a super-noob question...

    How and where do you turn off Upnp on the RT-N66U?
     
  9. KevTech

    KevTech Senior Member

    Joined:
    Feb 27, 2012
    Messages:
    367
    Location:
    United States
  10. NipponBill

    NipponBill New Around Here

    Joined:
    Sep 15, 2012
    Messages:
    7
    Location:
    Osaka, Japan
  11. joegreat

    joegreat Senior Member

    Joined:
    Jan 9, 2013
    Messages:
    481
    Location:
    Vienna, Austria
    For those who want independent confirmation

    For those who want independent confirmation, or who also run other model routers: Check this thread for a posting by user MintyTrebor: A probe for these vulnerabilities is online avaliable (no install or registration required, all done from a web page).

    With kind regards
    Joe :cool:

    My results are:

    Your equipment at IP: xxx.yyy.zzz.nnn

    Is now being queried:
    THE EQUIPMENT AT THE TARGET IP ADDRESS
    DID NOT RESPOND TO OUR UPnP PROBES!
    (That's good news!)
     
  12. redpants

    redpants Regular Contributor

    Joined:
    Sep 13, 2012
    Messages:
    65
    lol this was news back when windows 95 was released. I've had upnp disabled ever since.. yes im cool :rolleyes:
     

Share This Page