UPnP Software Stack Vulnerabilities (Rapid7) - Command Injection Via UDP - Affected/Corrected Devices
Publication ID: SAP10036
Resolved Status: Yes
Published on: 3 July 2014 1:10 GMT
Last updated on: 21 August 2014 10:47 GMT

Overview

 

Universal Plug and Play (UPnP) is a set of networking protocols that permits networked devices, such as personal computers, printers, Internet gateways, Wi-Fi access points and mobile devices to seamlessly discover each other's presence on the network and establish functional network services for data sharing, communications, and entertainment.

D-Link deploys firmware that has UPnP feature support on our devices. The UPnP features are enabled by software developer kits - Intel, Portable, and miniUPnP.

In January 2013, it was discovered that the following UPnP versions may have a security vulnerability that could cause devices to become unstable, impair functionality, or disclose the services the devices offer (i.e. network camera feed):

  • All Versions of Intel SDK
  • Versions of Portable SDK prior to V. 1.6.18
  • Versions of MiniUPnP SDK prior to V. 1.1

Security and performance are of the utmost importance to D-Link across all product lines, including networking, surveillance, storage and entertainment solutions.

The company is currently assessing the recent findings surrounding UPnP technology and whether any D-Link products are susceptible to vulnerabilities. 
 
We are currently updating our Vendor responses at US-CERT (US Computer Emergency Readiness Team) for the support CVEs (Common Vulnerabilities and Exposures).

We also discourage the use of publicly available industry tools because of the number of false negatives and false positives. This potential vulnerability is complex and requires deeper inspection and replacement of the recommended SDK stated in the CVEs.

 

References

 

Rapid7 - Disclosure - Security Flaws in Universal Plug and Play: Unplug, Don't Play

HD Moore - Whitepaper: Security Flaws in Universal Plug and Play: Unplug, Don't Play.

CVE-2012-5958
CVE-2012-5959
CVE-2012-5960
CVE-2012-5961
CVE-2012-5962
CVE-2012-5963
CVE-2012-5964
CVE-2012-5965

 

Immediate Recommendations for all D-Link device customers

 

  • If you receive unsolicited e-mails that relate to security vulnerabilities and prompt you to take action, please ignore them. Clicking on links in such e-mails could allow unauthorised persons to access your router. Neither D-Link nor its partners and resellers will send you unsolicited messages where you are asked to click or install something.
  • Make sure that your wireless network is secure.
  • Do not provide your admin password to anyone. If required, we suggest updating the password frequently.

 

Description

 

We encourage you to read the authors' original text, listed under References above, to avoid misinterpretation and duplicating their work.

Our conclusion is that the causes of these issues are similar, and we have grouped our disclosure accordingly.

 

 

 

Affected Current Products

 

Model Name    HW Version    Current FW Version    New FW Version for this exploit fix

   


  • FW:
     
  • FW:
     
  • FW: 
   
  • FW:

 

Affected End of Life Products 

Model Name    HW Version    Current FW Version    New FW Version for this exploit fix
DIR-100       All           All                   Disable UPnP Feature
DIR-120       All           All                   Disable UPnP Feature
DIR-524UP     All           All                   Disable UPnP Feature
DIR-524UPM    All           All                   Disable UPnP Feature
DIR-604+      All           All                   Disable UPnP Feature
DIR-604UP     All           All                   Disable UPnP Feature
DIR-604UPM    All           All                   Disable UPnP Feature
DIR-624S      All           All                   Disable UPnP Feature
WBR-1320      All           All                   Disable UPnP Feature

 

Security patches for your D-Link Product

 

These firmware updates address the security vulnerabilities in affected D-Link products. D-Link will update this continually, and we strongly recommend that all users install the relevant updates.

 

As there are different hardware revisions of our products, please check the hardware revision of your device before downloading the corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product, next to the serial number. Alternatively, it can also be found in the device's web configuration.