CERT Releases UPnP Security Advisory
Posted: Tue Jan 29, 2013 7:24 pmCERT Releases UPnP Security Advisory
Original release date: January 29, 2013
Last revised: --
Multiple vulnerabilities have been announced in libupnp, the open source
portable SDK for UPnP devices. Libupnp is employed by hundreds of
vendors for UPnP-enabled devices. Information is also available in CERT
Vulnerability Note VU#922681.
US-CERT recommends that affected UPnP device vendors and developers
obtain and employ libupnp version 1.6.18, which addresses these
vulnerabilities.
US-CERT recommends that users and administrators review CERT
Vulnerability Note VU#922681, disable UPnP (if possible), and restrict
access to SSDP (1900/upd) and Simple Object Access Protocol (SOAP)
services from untrusted networks such as the Internet.
Relevant URL(s):
<http://www.kb.cert.org/vuls/id/922681>
Original release date: January 29, 2013
Last revised: --
Multiple vulnerabilities have been announced in libupnp, the open source
portable SDK for UPnP devices. Libupnp is employed by hundreds of
vendors for UPnP-enabled devices. Information is also available in CERT
Vulnerability Note VU#922681.
US-CERT recommends that affected UPnP device vendors and developers
obtain and employ libupnp version 1.6.18, which addresses these
vulnerabilities.
US-CERT recommends that users and administrators review CERT
Vulnerability Note VU#922681, disable UPnP (if possible), and restrict
access to SSDP (1900/upd) and Simple Object Access Protocol (SOAP)
services from untrusted networks such as the Internet.
Relevant URL(s):
<http://www.kb.cert.org/vuls/id/922681>