(Rapid7) Device UPnP Software Stack - Command Injection Via UDP - Affected/Corrected Device-List
Publication ID: SAP10036
Resolved Status: Yes
Published on: 3 July 2014 1:10 GMT
Last updated on: 3 July 2014 3:13 GMT

Overview

 

 

Universal Plug and Play (UPnP) is a set of networking protocols that permits networked devices, such as personal computers, printers, Internet gateways, Wi-Fi access points and mobile devices to seamlessly discover each other's presence on the network and establish functional network services for data sharing, communications, and entertainment.

D-Link deploys firmware that has UPnP feature support on our devices. The UPnP features are enabled by software development kits (SDKs): Intel, Portable, and MiniUPnP.

In January 2013, it was discovered that the following UPnP versions may have a security vulnerability that could cause devices to become unstable, impair functionality, or disclose the services the device offers (i.e. network camera feed):

  • All versions of the Intel SDK
  • Versions of the Portable SDK prior to 1.6.18
  • Versions of the MiniUPnP SDK prior to 1.1
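
As an added example (not D-Link's code or part of the original advisory), the version ranges above can be applied to UPnP SERVER banner strings collected during a device inventory. The product tokens matched here and the sample banners are assumptions constructed for illustration.

```python
import re

# Affected ranges as stated in the advisory: None means every version is
# affected, otherwise the tuple is the first version outside the affected range.
FIRST_UNAFFECTED = {
    "Intel SDK": None,
    "Portable SDK": (1, 6, 18),
    "MiniUPnP SDK": (1, 1),
}

# Assumed product tokens as they commonly appear in UPnP SERVER banners.
VERSION = r"\s*/\s*(\d+(?:\.\d+)*)"
PATTERNS = [
    ("Intel SDK", re.compile(r"Intel SDK for UPnP devices" + VERSION, re.I)),
    ("Portable SDK", re.compile(r"Portable SDK for UPnP devices" + VERSION, re.I)),
    ("MiniUPnP SDK", re.compile(r"MiniUPnPd?" + VERSION, re.I)),
]

def classify(banner):
    """Return (sdk, version_tuple, status) for one SERVER banner string."""
    for sdk, pattern in PATTERNS:
        match = pattern.search(banner)
        if not match:
            continue
        # Compare numerically: as strings, "1.6.6" would sort after "1.6.18".
        version = tuple(int(part) for part in match.group(1).split("."))
        limit = FIRST_UNAFFECTED[sdk]
        if limit is None:
            return sdk, version, "affected"
        width = max(len(version), len(limit))  # so 1.1 and 1.1.0 compare equal
        padded = version + (0,) * (width - len(version))
        bound = limit + (0,) * (width - len(limit))
        return sdk, version, "affected" if padded < bound else "not-listed"
    return None, None, "unknown"

# Constructed sample banners (not captured from real devices).
SAMPLE_BANNERS = [
    "Linux/2.6.21, UPnP/1.0, Portable SDK for UPnP devices/1.6.6",
    "Linux/2.6.36, UPnP/1.0, Portable SDK for UPnP devices/1.6.18",
    "Linux/2.4.20, UPnP/1.0, Intel SDK for UPnP devices /1.2",
    "Debian/6.0 UPnP/1.0 MiniUPnPd/1.0",
    "Example-OS/1.0 UPnP/1.0 ExampleStack/2.0",
]

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(classify(banner), "<-", banner)
```

A `not-listed` or `unknown` result only means the banner falls outside the ranges stated above; it does not prove the firmware is patched.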

Security and performance are of the utmost importance to D-Link across all product lines, including networking, surveillance, storage and entertainment solutions.

The company is currently assessing the recent findings surrounding UPnP technology and whether any D-Link products are susceptible to vulnerabilities. 
 
We are currently updating our Vendor responses at US-CERT (US Computer Emergency Readiness Team) for the support CVEs (Common Vulnerabilities and Exposures).

We also discourage the use of industry tools available to the public because of the number of false negatives and false positives. This potential vulnerability is complex and requires deeper inspection and replacement of the recommended SDK stated in the CVEs.

 

Region

 

These products were sold outside North America.

 

References

 

Rapid7 - Disclosure - Security Flaws in Universal Plug and Play: Unplug, Don't Play
HD Moore - Whitepaper: Security Flaws in Universal Plug and Play: Unplug, Don't Play
CVE-2012-5958
CVE-2012-5959
CVE-2012-5960
CVE-2012-5961
CVE-2012-5962
CVE-2012-5963
CVE-2012-5964
CVE-2012-5965

 

Immediate Recommendations for all D-Link device customers

 

  • If you receive unsolicited e-mails that relate to security vulnerabilities and prompt you to take action, please ignore them. Clicking on links in such e-mails could allow unauthorised persons to access your router. Neither D-Link nor its partners and resellers will send you unsolicited messages asking you to click or install something.
  • Make sure that your wireless network is secure.
  • Do not provide your admin password to anyone. If required, we suggest updating the password frequently.

 

Description

 

We encourage you to read the authors' original text, listed under References above, to avoid misinterpretation and duplicating their work.

Our conclusion is that the causes of these issues are similar, and we have grouped our disclosure accordingly.

 

 

Affected Products

 

Model Name | HW Version | Current FW Version | New FW Version for this exploit fix

   


  • FW:
     
  • FW:
     
  • FW: 
   
  • FW:

 

Security patches for your D-Link Product

 

These firmware updates address the security vulnerabilities in affected D-Link products. D-Link will update this continually, and we strongly recommend that all users install the relevant updates.

 

As there are different hardware revisions of our products, please check the revision on your device before downloading the corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product, next to the serial number. Alternatively, it can also be found in the device web configuration.