Probable remote UPNP vulnerabilities reported, router listed: what to
Rapid7 reports a research finding that many, many routers are prone to remote (i.e. from the internet) attacks.
There are roughly two classes of routers:
- Those that use libupnp from Intel. These issues were fixed in recent days. Version 1.6.18 is patched for all known vulnerabilities. This first patched version was released yesterday (29-01-13)(!).
- Those that use MiniUPnP. But the latest flaws have been fixed in version 1.4, which was released on 30-10-2009. Furthermore, there are also SOAP vulnerabilities in miniupnpd 1.0 and below, here. Miniupnpd 1.1 was released on 25-04-2008.
Both pieces of software run as root and are (somewhat) remotely exploitable. This worries me.
The thing is, my device is listed in the second list (miniupnp, not SOAP). However, I checked the device and it says for miniupnpd:
/usr/sbin/miniupnpd -i nas0 -a 10.xxx.xxx.xxx -p 5000 -U
I am not able to determine the version. However, wouldn't it just suffice to say:
- block inbound udp port 5000
- enable UPNP
- all is well
And I'm inclined to say this would suffice. Slashdot posters have made critical statements as to how reliably the results and lists are derived.
For example, you have to spoof an IP as well. But I'm running a non-default IP subnet (10.0.0.0/8) in my home network.
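On the version question raised in the post above, an added example (not part of the original post): it reads the SERVER header a UPnP device sends in its SSDP or HTTP replies and compares the advertised version with the fixed versions the post cites (MiniUPnPd 1.4, libupnp 1.6.18). The product tokens in the patterns and both sample responses are assumptions constructed for illustration; vendors can change or strip this header.

```python
import re

# Fixed versions exactly as stated in the post above.
FIXED = {"miniupnpd": (1, 4), "libupnp": (1, 6, 18)}

# Assumed default SERVER product tokens; firmware builds may alter them.
PATTERNS = {
    "miniupnpd": re.compile(r"MiniUPnPd/(\d+(?:\.\d+)*)", re.I),
    "libupnp": re.compile(r"Portable SDK for UPnP devices/(\d+(?:\.\d+)*)", re.I),
}

def server_header(response):
    """Return the SERVER header value of a raw SSDP/HTTP response, or None."""
    for line in response.splitlines()[1:]:      # skip the status line
        if not line.strip():                    # blank line ends the headers
            break
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None

def classify(response):
    """Return (stack, version, status); status is patched/outdated/unknown."""
    header = server_header(response)
    if header is None:
        return (None, None, "unknown")
    for stack, pattern in PATTERNS.items():
        match = pattern.search(header)
        if match:
            version = tuple(int(p) for p in match.group(1).split("."))
            fixed = FIXED[stack]
            width = max(len(version), len(fixed))
            pad = lambda v: v + (0,) * (width - len(v))   # 1.4 == 1.4.0
            status = "patched" if pad(version) >= pad(fixed) else "outdated"
            return (stack, version, status)
    return (None, None, "unknown")              # header present, stack not recognised

# Constructed sample responses (not captured from a real device).
SAMPLE_MINI = ("HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\n"
               "SERVER: Linux/2.6.21 UPnP/1.0 MiniUPnPd/1.3\r\n"
               "LOCATION: http://10.0.0.1:5000/rootDesc.xml\r\n\r\n")
SAMPLE_LIB = ("HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\n"
              "Server: Linux/2.6.15, UPnP/1.0, Portable SDK for UPnP devices/1.6.18\r\n\r\n")

if __name__ == "__main__":
    for sample in (SAMPLE_MINI, SAMPLE_LIB):
        print(classify(sample))
```

An "unknown" result means the header was missing or unrecognised, which says nothing about whether the daemon is patched.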