Up to 50 million home networking devices vulnerable with UPnP
Click here to post a comment for Up to 50 million home networking devices vulnerable with UPnP on our message forum
HonoredShadow
I ran the tool on my D-link router. No problems!
WhiteLightning
Moderator
"Congratulations! Your router did not respond to a UPnP discovery request. "
:D
PhazeDelta1
I'm good to go.
Speed Weed
No probs with my router either.
kakarot
Not sure how accurate that test is but the dlink 655 seems to be safe as well
k1net1cs
My TP-Link routers are all safe, according to the online test.
I just have to wonder, though.
They are supposed to be security experts, yet their offline scanning tool requires Java?
Moreover, it's recommended for business users?
That didn't really register with me.
bdub5886
I wonder who has this problem because everyone who has posted the UPnP is not enabled. My linksys router did not respond to the request either.
CronoGraal
wouldn't it be funny if this was the actual attack?
mmicrosysm
http://fc08.deviantart.net/fs70/i/2011/091/9/e/ace_attorney____o_face_by_kdthompson-d3cy1co.png
Both my routers came back safe.
airbud7
I'm Safe.
"Congratulations! Your router did not respond to a UPnP discovery request."
Comcast gateway.
The Laughing Ma
Virgin Super Hub is also safe.
k1net1cs
The thing is, UPnP is always enabled on the routers I use.
By the way, guys, the online test only tests one of the three vulnerabilities being discussed in the whitepaper.
You have to run the Java-based scanner to scan for all three.
kakarot
Thanks for the heads up, it passed all tests in the app well. I too have noticed upnp being enabled by default on all routers I've ever seen.
Edit- Btw, it is fairly safe to have java installed as long as you disable it in the browsers you're using. Also a good av like NIS should block most crap even with the browser plugins enabled
PhazeDelta1
Where is this java based scanner at?
kakarot
The link next to the online test; "Download ScanNow"
Veeshush
D-Link DGL-4500 here, no issues.
Same thoughts. Although I think if I remember right most experts recommend disabling upnp anyway, and according to http://upnp-check.rapid7.com/faq I think that also stops it. I had it enabled when I scanned and still had no reports back.
But then again I wonder how good the scanner is. Not really losing sleep over it yet either.
edit
crap, looks like I need to run the java version to be sure. I have 64bit Java 7 installed but it didn't pick it up that I had it, so I'm going to try downloading 32bit.
edit2
Yeah I just confirmed it. If you have a 64bit system (everyone here) you'll need to be sure Java 7 32bit is installed for the offline scanner to work. I still didn't get any reports of anything bad.
PhazeDelta1
Ah thanks.
Downloaded it and still good to go.
tsunami231
i have upnp disabled on my routers and most devices and have had it that way for very long time
sykozis
Disabling UPnP is the first thing I do on a new router....
Lane
when i have some problem to trust this info, i have do a scan, no problem at all with a simple ****ty Zyxel VDSL2 router. ( maybe not so ****ty as it cost 250$ )
