UPnP Vulnerability



  • Hi, following the news of the recent Flash-based hack of UPnP, is the pfSense implementation vulnerable to this level of manipulation?

    The hack was published here: http://www.gnucitizen.org/blog/hacking-the-interwebs



  • Two things to note about that article:

    1. It requires you to be able to guess the IP of the router (which, for most people admittedly will be 192.168.0.1 or 192.168.1.1)
    2. You have to write a UPnP request that's specific to the router being targeted

    Oh, and ultimately it is simply about using UPnP the way it was designed to be used :) The best solution is to ensure you don't run embedded media such as Flash etc. If you're using Firefox, try NoScript.



  • I was aware of the port forwarding features of UPnP but not of its ability to change DNS servers etc. Port redirection isn't much of a concern to me, but DNS alterations are. Is there any way to disable this part of UPnP or prevent pfSense DNS server entries from being altered by it?



  • I'm not sure if pfSense's UPnP implementation supports that; however, go re-read my previous post - if you're not using trivially guessable IPs for your pfSense host and the exploit doesn't target pfSense explicitly then you're probably OK.

    The following thread may eventually contain some of the answers: http://miniupnp.tuxfamily.org/forum/viewtopic.php?t=433
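
One way to check which state-changing actions a router's UPnP service description (SCPD) actually advertises, such as the DNS change asked about above. This is an added example, not part of the original thread and not pfSense or miniupnpd code; the action names come from the UPnP IGD v1 service definitions, and the sample XML is constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace used by UPnP service description (SCPD) documents.
NS = {"s": "urn:schemas-upnp-org:service-1-0"}

# IGD v1 actions that change router state when invoked from the LAN.
RISKY = {
    "SetDNSServer": "changes the DNS servers handed to LAN clients",
    "DeleteDNSServer": "removes a configured DNS server",
    "AddPortMapping": "opens an inbound port forward",
    "DeletePortMapping": "removes a port forward",
}

# Constructed sample SCPD; not captured from pfSense or miniupnpd.
SAMPLE_SCPD = """<?xml version="1.0"?>
<scpd xmlns="urn:schemas-upnp-org:service-1-0">
  <actionList>
    <action><name>GetExternalIPAddress</name></action>
    <action><name>AddPortMapping</name></action>
    <action><name>DeletePortMapping</name></action>
  </actionList>
</scpd>"""


def advertised_actions(scpd_xml):
    """Return every action name listed in one SCPD document."""
    root = ET.fromstring(scpd_xml)
    names = root.findall("./s:actionList/s:action/s:name", NS)
    return [n.text.strip() for n in names if n.text]


def audit(scpd_xml):
    """Map each advertised state-changing action to what it does."""
    return {a: RISKY[a] for a in advertised_actions(scpd_xml) if a in RISKY}


if __name__ == "__main__":
    findings = audit(SAMPLE_SCPD)
    for action, effect in sorted(findings.items()):
        print(f"{action}: {effect}")
    if "SetDNSServer" not in findings:
        print("SetDNSServer is not advertised in this service description")
```

Run it against each SCPD document referenced by the `SCPDURL` elements in your own router's UPnP device description.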

