Menu
What's new
By:
Filters Better Search

Universal Plug and Play (UPnP) yet again !!!

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Status
Not open for further replies.
Twiglets

Twiglets

Senior Member
For information: (Includes many ASUS Routers)

Wreckin' routers

Last month, Kaspersky warned of advanced malware, dubbed Slingshot, that uses routers to infect networks. Well, here's some more along those lines. A report [PDF]* by Akamai discusses software nasties leveraging vulnerable Universal Plug and Play (UPnP) services offered by routers and gateways to press-gang at least 65,000 boxes.

In all, Akamai estimated that around five million routers could be vulnerable to hijacking via UPnP exploits: miscreants can use the flaws to rewrite networking tables, and turn devices into proxy servers. It has compiled a list of 400 router models from 73 manufacturers that are hackable, and if you've got one of these then it's time to either upgrade your kit or mitigate the risk.

From https://www.theregister.co.uk/2018/04/14/security_roundup/


*https://www.akamai.com/us/en/multim...at-proxies-via-nat-injections-white-paper.pdf

TL;DR
Make sure you block UPnP from the 'Internet/WAN' side, if you do not need to use it.
(Should NOT need to use it 'Internet/WAN' side AFAIK ...... sure to be told otherwise real soon ;) :D)

P.S. Don't know if Asuswrt-Merlin effectively fixes this or not, apologies if it does.
 
Hmm, interesting that the AC86U is not on the list. Same with the newest routers. Did they just not get tested or is it fixed on those?
 
dlandiss said:
Well, it sure confused me, since there is an "Enable UPnP" setting on the WAN setup page of my AC68 (374.43_29E2j9527). I can see why it might be thought to be vulnerable.
Click to expand...
Reading up on the situation, after it was highlighted it had been bought up before, it is clarified in this 'old' post.
https://www.snbforums.com/threads/consider-disabling-upnp-by-default.11440/

My Bad for missing the info that had been posted previously, although I do tend to only read things relating to Asuswrt-Merlin specifically such as Firmware updates or anything that relates to the numerous Scripts that have been developed such as AB-Solution, dnscrypt-proxy etc.
 
Duplicate post - locking.

(And the short answer: their methodology must be wrong, because neither Asuswrt nor Asuswrt-Merlin has ever allowed UPnP to be accessed over the WAN interface).
 
Status
Not open for further replies.

Similar threads

XIII
Akamai: "UPnProxy: Blackhat Proxies via NAT Injections"
Replies
8
Views
2K
sfx2000
sfx2000
o-l-a-v
New Upnp exploit affecting most Asus routers - "UPNproxy: Blackhat Proxies via NAT Injections"
2
Replies
32
Views
23K
huygens_25
huygens_25
U
CastHack - aka. what do PewDiePie and UPnP have in common
Replies
1
Views
2K
CriticJay
C
Bagman
UPNP Security flaw.
Replies
13
Views
14K
MintyTrebor
M
L
RT-n66u set upnp to play nice w/Win 7 WMC and HDHR tuners
Replies
9
Views
9K
rmckellar
R

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 968 (members: 13, guests: 955)
Top