Slashdot Mirror

← Back to Stories (view on slashdot.org)

50 Million Potentially Vulnerable To UPnP Flaws

Posted by Soulskill on from the much-lower-than-expected dept.

Gunkerty Jeb writes "In a project that found more than 80 million unique IP addresses responding to Universal Plug and Play (UPnP) discovery requests, researchers at Rapid7 were shocked to find that somewhere between 40 and 50 million of those are vulnerable to at least one of three known attacks. A Rapid7 white paper enumerated UPnP-exposed systems connected to the Internet and identified the number of vulnerabilities present in common configurations. Researchers found that more than 6,900 product models produced by 1,500 different vendors contained at least one known vulnerability, with 23 million systems housing the same remote code execution flaw. 'This research was primarily focused on vulnerabilities in the SSDP processor across embedded devices,' Rapid7's CSO HD Moore said. 'The general process was to identify what was out there, make a list of the most commonly used software stacks, and then audit those stacks for vulnerabilities. The results were much worse than we anticipated, with the most commonly used software stack (libupnp) also being the most vulnerable.'"

4 of 138 comments (clear)

  1. Because of the BSD license by Anonymous Coward · · Score: 1, Insightful

    Little incentive to contribute code as it will be snatched by Micro$oft and App£e.

  2. Long standing bet by EmperorOfCanada · · Score: 5, Insightful

    I have had a long standing bet as to how long it would take for someone to really nail most of the routers out there. It has always puzzled me how something like Linux or Windows can have a vulnerability of the week which is (usually) patched by most users in a flash. Yet there are many very old d-link, linksys, etc routers out there doing their thing without being massively attacked.

    The closest that I have seen to a good widespread attack was when a certain DSL modem would crash when script-kiddies were attacking NT machines and the same attack jammed up that model DSL modem. That wasn't really an attack and it didn't amount to much.

    So my bet still stands with modification: there will be an attack, it will be soon, it will be a worm, and people will (mostly) be blissfully unaware of (why is my internet so slow) it and certainly be incapable of dealing with it. Thus it will come down to the ISPs to deal with it which should be interesting to watch.

    1. Re:Long standing bet by Corwn+of+Amber · · Score: 3, Insightful

      Router software is utter, total, complete shit and all of it is attackable with 25-year-old buffer overflows.

      GP is right. A worm packing a handful of attacks, designed to replicate on old routers, would make hundreds of millions of victims and nothing could stop it.

      It would actually force the rock-stupid morons to replace their obsolete hardware, though. That would be a good thing. Even if they buy the new castrated shit hardware that won't ever be supported.

      --
      Making laws based on opinions that stem up from false informations leads to witch hunts.
  3. Re:Brilliant by design by rvw · · Score: 2, Insightful

    Rapid7 provide a testing tool. It requires Java. So to find one vulnerability, you have to install another.

    So don't install the Java plugin in your browser and quit bullshitting.