My home network never had the UPnP vulnerability, how to test your home's router

Posted by Paul Braren on Feb 5 2013 in
  • HowTo
  • Network

    • UPnP might be running on your router's Internet (WAN) port. Here's an excerpt from the wiki article on Universal Plug and Play, explaining what UPnP was intended to do:

    seamlessly discover each other's presence on the network and establish functional network services for data sharing, communications, and entertainment

    Why on earth would you want that on the outside of your home network? Short answer, you don't.

    Last year, the big WiFi Protected Setup issue hit the news. This year, this week, it's UPnP, Universal Plug and Play that's got got my attention recently. Knowing that I had turned off UPnP on my home and family's routers for at least the last 6 years, I didn't give it much thought. There are ways to get similar functionality without UPnP, which admittedly take a bit more work, involving setting up the right port forwarding.

    Then I heard Security Now 389 Unplug UPnP and This Week in Enterprise Tech 28, learning from Steve Gibson that turning UPnP in your router's interface might only turn off the UPnP feature on the LAN side, not the WAN side. So it was time to do a look-up on my chosen router, the Cisco E4200 v1 router, discussed in many of my articles.

    Seems I'm in the clear, looking at the list of vulnerable routers at the bottom of this article
    Title: Information regarding US CERT Vulnerability Note VU#922681 – Portable SDK for UPnP Devices (libupnp) contains multiple buffer overflows in SSDP
    Article ID: 28341, Original Release date: 29 Jan 2013 | Last revised: 01 Feb 2013

    but tested my WAN port's vulnerability anyway, using the very reputable GRC (Gibson Research Corporation) ShieldsUP! free scan done here:
    GRC's “Instant UPnP Exposure Test”
    www.grc.com/x/ne.dll?bh0bkyd2
    and yes, I do seem to be all set.

    ShieldsUP-Test-Results

    Here's some more articles about the potential issue that are good places to start, for your own checking for your friends and family.

    Posted by HD Moore in Information Security on Jan 29, 2013 1:05:19 AM

    This paper is the result of a research project spanning the second half of 2012 that measured the global exposure of UPnP-enabled network devices. The results were shocking to the say the least. Over 80 million unique IPs were identified that responded to UPnP discovery requests from the internet. Somewhere between 40 and 50 million IPs are vulnerable to at least one of three attacks outlined in this paper. The two most commonly used UPnP software libraries both contained remotely exploitable vulnerabilities.

    CERT Vulnerability Note VU#922681
    Portable SDK for UPnP Devices (libupnp) contains multiple buffer overflows in SSDP, Original Release date: 29 Jan 2013 | Last revised: 01 Feb 2013

    TinkerTry - PCs, EVs, home tech, efficiency and more, including virtualization. My opinions here, not my employer's.

    Paul Braren, MCSE in 1998, VCP #2681 in 2005, vExpert 2014 to 2024, Veeam Vanguard Emeritus, 2015 to 2019.

    Support TinkerTry

    PayPal | Patreon | VMware Store

    After 6 successful years testing then shipping well over 1,000 Xeon D Bundles, Wiredzone had to stop selling them in mid-2021 due to cost, supply, and logistics challenges. So far, Xeon D-1700/2700 (Ice Lake D) was a minor refresh for 2023, with Xeon D-1800/2800 (Granite Rapids D) refresh looking a little better for 2024. More cores, but still just PCIe Gen4 and DDR4. Looking ahead, I'm glad it's Pat Gelsinger at Intel's helm. I'm also grateful to have had the honor of working at VMware when Pat was the CIO there. I'll leave it at that, given the whole Broadcom thing.

    Easily update VMware ESXi at TinkerTry.com/easy-update-to-latest-esxi