Millions of Smart TVs, Phones and Routers At Risk From Old Vulnerability

itwbennett writes: Adding fuel to the growing concern over how manufacturers of devices such as routers and smart TVs deal with security vulnerabilities that emerge in their products, Trend Micro found that a 3-year-old vulnerability in a software component used in millions of smart TVs, routers and phones still hasn't been patched by many vendors. Although a patch was issued for the component in December 2012, Trend Micro found 547 apps that use an older unpatched version of it, wrote Veo Zhang, a mobile threats analyst on the Trend Micro blog. 'These are very popular apps that put millions of users in danger; aside from mobile devices, routers, and smart TVs are all at risk as well,' he wrote.

Re:Apologists unite!

[BarbaraHudson]

It must be in one of those open source components, since Slashdot is not listing the actual component name.

Too busy trying to get a first post to bother reading the first line in the first link?

The Portable SDK for UPnP Devices libupnp library contains multiple buffer overflow vulnerabilities. Devices that use libupnp may also accept UPnP queries over the WAN interface, therefore exposing the vulnerabilities to the internet.

libupnp vulnerability

[ginoledesma]

Summary doesn't mention this, but the vulnerability is in libupnp that is used by most of these mobile apps.

Re:libupnp vulnerability

Summary doesn't mention this, but the vulnerability is in libupnp that is used by most of these mobile apps.

UPNP? Well, there's your problem. A protocol that requires zero authentication and has complete trust when it's enabled. What could possibly go wrong?