Is UPnP vulnerable in DD-WRT?

ColdBrew
DD-WRT Novice


Joined: 20 Nov 2008
Posts: 17
Location: USA

Posted: Wed Jan 30, 2013 1:21    Post subject: Is UPnP vulnerable in DD-WRT?
Exploit found in UPnP.
https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play

_________________
Linksys WRT600N v1.1 - DD-WRT v24-sp2 (04/30/09) mega - build 12031M NEWD Eko
Linksys WRT54GS v2 - DD-WRT v24-sp2 (11/19/08) mega - build 10949M NEWD Eko
Linksys WRT54G v2 - DD-WRT v24-sp2 (11/19/08) std - build 10949M NEWD Eko
wonkawalken
DD-WRT Novice


Joined: 15 Mar 2010
Posts: 14

Posted: Wed Jan 30, 2013 7:49
If I understand this correctly, this is about UPnP listening for requests on the WAN port?
Riffer
DD-WRT Novice


Joined: 01 Mar 2008
Posts: 33

Posted: Wed Jan 30, 2013 8:16
Yes, you understand it right.
wonkawalken
DD-WRT Novice


Joined: 15 Mar 2010
Posts: 14

Posted: Wed Jan 30, 2013 8:55
For what it’s worth, I scanned my DD-WRT (build 20548) from WAN and LAN with the instructions given in the article and it returned no vulnerabilities/CVEs.
blisk
DD-WRT Novice


Joined: 26 Jun 2006
Posts: 36

Posted: Wed Jan 30, 2013 15:38
wonkawalken wrote:
For what it’s worth, I scanned my DD-WRT (build 20548) from WAN and LAN with the instructions given in the article and it returned no vulnerabilities/CVEs.


Well that is good to know. Would be nice to know though if it had to be patched in the tree at some point. If so when would be good to know so we could know if we have a certain build (I'm on 20006) - say for example after build 20000 - it isn't an issue.
Simba7
DD-WRT User


Joined: 09 Oct 2007
Posts: 51

Posted: Wed Jan 30, 2013 19:16
It's amazing that people freak out about the littlest things.. or that "Homeland inSecurity" uses this as a scare tactic.

Truthfully, why would you have a UPnP service on the WAN port in any scenario? This is just asking for trouble. There is no issue whatsoever if it's running on the LAN port(s). *sigh*

I wouldn't be surprised if HS got chewed out by the IT community for using this BS tactic.. because we all know that HS is looking out for us. [/sarcasm]
crashfly
DD-WRT Guru


Joined: 24 Feb 2009
Posts: 2026
Location: Sol System > Earth > USA > Arkansas

Posted: Wed Jan 30, 2013 19:23
blisk wrote:
Well that is good to know. Would be nice to know though if it had to be patched in the tree at some point. If so when would be good to know so we could know if we have a certain build (I'm on 20006) - say for example after build 20000 - it isn't an issue.

I do not think that it has ever been a problem in DD-WRT, that is unless iptables is configured incorrectly. You have to remember that DD-WRT is based on Linux. Except for misconfigurations, Linux is a very secure OS.

_________________
E3000 22200M KongVPN K26
WRT600n v1.1 refurb mega 18767 BS K24 NEWD2 [not used]
WRT54G v2 16214 BS K24 [access point]

RMerlin
DD-WRT User


Joined: 05 Mar 2012
Posts: 273

Posted: Wed Jan 30, 2013 22:29
They would have you install Java on your computer to scan for vulnerabilities. Ironic, isn't it?
Fractal
DD-WRT Guru


Joined: 19 Apr 2010
Posts: 1243

Posted: Thu Jan 31, 2013 0:41
RMerlin wrote:
They would have you install Java on your computer to scan for vulnerabilities. Ironic, isn't it?


This vulnerability is not present in current DD-WRT builds, I have tested it against my builds and my new one I am about to release and both come back clean.

-Fractal
LOM
DD-WRT Guru


Joined: 28 Dec 2008
Posts: 7647

Posted: Thu Jan 31, 2013 0:45
blisk wrote:

Well that is good to know. Would be nice to know though if it had to be patched in the tree at some point. If so when would be good to know so we could know if we have a certain build (I'm on 20006) - say for example after build 20000 - it isn't an issue.


Just flash those older builds that you are worried about, test for the vulnerability and report back here.

_________________
Kernel panic: Aiee, killing interrupt handler!
RMerlin
DD-WRT User


Joined: 05 Mar 2012
Posts: 273

Posted: Thu Jan 31, 2013 0:46
Fractal wrote:
RMerlin wrote:
They would have you install Java on your computer to scan for vulnerabilities. Ironic, isn't it?


This vulnerability is not present in current DD-WRT builds, I have tested it against my builds and my new one I am about to release and both come back clean.

-Fractal


AFAIK, only older versions of miniupnpd are affected. DD-WRT is usually doing an excellent job at keeping up with newer versions of the services it uses. Tomato's version 1.6 is also fine. I haven't tested mine yet, but I intend to upgrade to miniupnpd 1.6 anyway, just to be on the safe side.
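
Added example, not part of the thread or any poster's code: the two checks discussed above (does SSDP answer on the WAN side, and which miniupnpd version is running) applied to a captured SSDP reply from your own router. The sample replies are constructed, the function names are hypothetical, and the 1.6 threshold is an assumption taken from the post above rather than from an advisory.

```python
import re

# Assumption: 1.6 is the release the post above calls fine; it is not a
# verified advisory threshold. Pass min_ok to match your vendor advisory.
ASSUMED_MIN_OK = (1, 6)

# Constructed sample SSDP replies (not captured from real devices).
SAMPLE_OLD = (b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=120\r\n"
              b"ST: upnp:rootdevice\r\n"
              b"SERVER: Linux/2.4.37 UPnP/1.0 MiniUPnPd/1.0\r\n"
              b"LOCATION: http://192.168.1.1:5000/rootDesc.xml\r\n\r\n")
SAMPLE_NEW = SAMPLE_OLD.replace(b"MiniUPnPd/1.0", b"MiniUPnPd/1.6")
SAMPLE_OTHER = SAMPLE_OLD.replace(b"MiniUPnPd/1.0", b"ExampleStack/2.1")

def parse_ssdp_headers(raw):
    """Return lower-cased headers of an SSDP 200 reply, or {} if it is not one."""
    lines = raw.decode("latin-1").split("\r\n")
    if not lines[0].upper().startswith("HTTP/1.1 200"):
        return {}
    headers = {}
    for line in lines[1:]:
        if not line:          # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def miniupnpd_version(server):
    """Extract the MiniUPnPd version from a SERVER header as an int tuple."""
    m = re.search(r"miniupnpd/(\d+(?:\.\d+)*)", server, re.IGNORECASE)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def assess(raw, probed_from, min_ok=ASSUMED_MIN_OK):
    """Summarise one reply; probed_from is 'wan' or 'lan' (where the probe was sent)."""
    headers = parse_ssdp_headers(raw)
    if not headers:
        return ["no-ssdp-response"]
    findings = ["ssdp-answers-on-wan"] if probed_from == "wan" else []
    version = miniupnpd_version(headers.get("server", ""))
    if version is None:
        findings.append("server-not-identified")
    elif version < min_ok:
        findings.append("miniupnpd-older-than-" + ".".join(map(str, min_ok)))
    else:
        findings.append("miniupnpd-not-older")
    return findings

if __name__ == "__main__":
    for name, raw, side in [("old", SAMPLE_OLD, "wan"), ("new", SAMPLE_NEW, "lan")]:
        print(name, side, assess(raw, side))
```
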
23skidoo
DD-WRT Novice


Joined: 11 Feb 2013
Posts: 1

Posted: Mon Feb 11, 2013 6:38
I have build 14929 std-nokaid installed on my WRT160N v1, with basically the default configuration (all I did was change the SSID, set wireless security to WPA2+AES, and set a passphrase). I ran the Rapid7 UPnP Check and it is not vulnerable.
ColdBrew
DD-WRT Novice


Joined: 20 Nov 2008
Posts: 17
Location: USA

Posted: Mon Feb 11, 2013 13:49
23skidoo wrote:
I have build 14929 std-nokaid installed on my WRT160N v1, with basically the default configuration (all I did was change the SSID, set wireless security to WPA2+AES, and set a passphrase). I ran the Rapid7 UPnP Check and it is not vulnerable.


Is UPnP enabled? I can't remember if it is enabled by default.

buddee
DD-WRT Guru


Joined: 06 Feb 2010
Posts: 7401
Location: Little Rock

Posted: Mon Feb 11, 2013 14:21
Not enabled by default..