ID CISA:E12038D7EC60D92A1EA036515737B034 Type cisa Reporter CISA Modified 2013-02-06T00:00:00
Description
Multiple vulnerabilities have been announced in libupnp, the open source portable SDK for UPnP devices. Libupnp is employed by hundreds of vendors for UPnP-enabled devices. Information is also available in CERT Vulnerability Note VU#922681.
US-CERT recommends that affected UPnP device vendors and developers obtain and employ libupnp version 1.6.18, which addresses these vulnerabilities.
US-CERT recommends that users and administrators review CERT Vulnerability Note VU#922681, disable UPnP (if possible), and restrict access to SSDP (1900/udp) and Simple Object Access Protocol (SOAP) services from untrusted networks such as the Internet.
This product is provided subject to this Notification and this Privacy & Use policy.
Please share your thoughts.
We recently updated our anonymous product survey; we'd welcome your feedback.
{"id": "CISA:E12038D7EC60D92A1EA036515737B034", "type": "cisa", "bulletinFamily": "info", "title": "CERT Releases UPnP Security Advisory", "description": "Multiple vulnerabilities have been announced in libupnp, the open source portable SDK for UPnP devices. Libupnp is employed by hundreds of vendors for UPnP-enabled devices. Information is also available in CERT Vulnerability Note [VU#922681](<http://www.kb.cert.org/vuls/id/922681>). \n \nUS-CERT recommends that affected UPnP device vendors and developers obtain and employ libupnp version 1.6.18, which addresses these vulnerabilities. \n \nUS-CERT recommends that users and administrators review CERT Vulnerability Note [VU#922681](<http://www.kb.cert.org/vuls/id/922681>), disable UPnP (if possible), and restrict access to SSDP (1900/udp) and Simple Object Access Protocol (SOAP) services from untrusted networks such as the Internet.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2013/01/29/CERT-Releases-UPnP-Security-Advisory>); we'd welcome your feedback.\n", "published": "2013-01-29T00:00:00", "modified": "2013-02-06T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://us-cert.cisa.gov/ncas/current-activity/2013/01/29/CERT-Releases-UPnP-Security-Advisory", "reporter": "CISA", "references": ["http://www.kb.cert.org/vuls/id/922681", "http://www.kb.cert.org/vuls/id/922681"], "cvelist": [], "lastseen": "2021-02-24T18:08:35", "viewCount": 2, "enchantments": {"dependencies": {}, "score": {"value": 2.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "cert", "idList": ["VU:922681"]}, {"type": "ics", "idList": ["ICSA-20-282-02"]}, {"type": "threatpost", "idList": ["THREATPOST:F7C1C6A7D07F7CFA8DFDD80051147A3B"]}]}, "exploitation": null, "vulnersScore": 2.0}, "wildExploited": false, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"wildexploited": 1647356731, "dependencies": 1647589307, "score": 0}, "_internal": {"wildexploited_cvelist": null}}
