Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Flash UPNP attack vector - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Flash UPNP attack vector

GNUcitizen has issued a blog posting regarding a new method of exploiting UPNP-enabled devices - by having a user access a malicious SWF file. The group was able to identify how Flash can be used to generate an URLRequest to a UPNP control point, allowing an external party to reconfigure that device.

One limiting factor is that the IP address of the router needs to be known, but on most end user networks this is trivial: these machines are within well known private ranges and are generally at the .1 or .254 end of the spectrum. With further review and information pending, we suggest evaluating (as with any piece of functionality) whether there is a legitimate need to have UPNP enabled on affected devices. Some guidance from the US-CERT can be found here.


158 Posts
Jan 15th 2008

Sign Up for Free or Log In to start participating in the conversation!