Response to CERT VU#922681
The Software Developer Kit (SDK) for Universal Plug-n-Play (UPnP) Devices contains a library originally developed as the Intel SDK for UPnP Devices. Multiple stack-based buffer overflow vulnerabilities have been found in the popular versions of this library used on many network vendor devices. For more information on this vulnerability please visit: http://www.kb.cert.org/vuls/id/922681
IPitomy has not confirmed the vulnerability yet and is still investigating. However we are listing below the only products that could be affected as well as the recommended steps to prevent any potential exploitation of these vulnerabilities.
IP1000 and IP1000v2
- These products contain an affected version of the UPnP library. IPitomy recommends disabling UPnP permanently on these products.
- This product defaults the UPnP setting to “on”.
- Note we have scanned the IP1000 products from the WAN side and have determined that with the UPnP service on, the systems do not respond to UPnP requests from the WAN, therefore exploitation of these UPnP vulnerabilities would have to occur from the LAN side of the device.
- IPR20 contains router functionality. The UPnP service is disabled by default on these devices. IPitomy recommends that you ensure that UPnP service is disabled.
- IPitomy has confirmed that if UPnP service is enabled the device does not respond to UPnP requests on the WAN interface, therefore exploitation of these UPnP vulnerabilities would have to occur through the LAN side of the device.
- Properly installed (IPR20 WAN port connected to customer LAN), devices should not present these vulnerabilities.