CERT Releases UPnP Security Advisory

2013-01-29T00:00:00
ID CISA:E12038D7EC60D92A1EA036515737B034
Type cisa
Reporter CISA
Modified 2013-02-06T00:00:00

Description

Multiple vulnerabilities have been announced in libupnp, the open source portable SDK for UPnP devices. Libupnp is employed by hundreds of vendors for UPnP-enabled devices. Information is also available in CERT Vulnerability Note VU#922681.

US-CERT recommends that affected UPnP device vendors and developers obtain and employ libupnp version 1.6.18, which addresses these vulnerabilities.

US-CERT recommends that users and administrators review CERT Vulnerability Note VU#922681, disable UPnP (if possible), and restrict access to SSDP (1900/udp) and Simple Object Access Protocol (SOAP) services from untrusted networks such as the Internet.

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts.

We recently updated our anonymous product survey; we'd welcome your feedback.