Software Engineering Institute

UPnP

Universal Plug and Play (UPnP) is a system that allows network devices to operate together.

M-SEARCH
When a device adds itself to a UPnP network, it may send a broadcast request to get information about other UPnP devices already on the network. This broadcast message is called an M-SEARCH directive.

The problem
Sending an oversized M-SEARCH request to an affected D-Link router's LAN or WLAN interface may result in a buffer overflow. The following router models are reported to be affected:

• DI-524 Rev A, C, D
• DI-604 Rev E
• DI-624 Rev C, D
• DI-784 Rev A
• EBR-2310 Rev A
• WBR-1310 Rev A

An unauthenticated attacker may be able to execute arbitrary code or cause the router to reboot.

Upgrade
D-Link has issued firmware upgrades to address this vulnerability. See the D-Link support site for information on obtaining the latest version of firmware.

Disable UPnP
If the UPnP service is not needed, disabling it may reduce exposure to this vulnerability. Refer to D-Link's support site for instructions on how to disable UPnP on a particular model of router. The references section of this document has direct links to instructions on how to disable UPnP on some of the affected routers.

Restrict access
Restrict access to the LAN and WLAN interface to trusted hosts only. Preventing network traffic on port 1900/udp from reaching the LAN or WLAN interface may limit exposure to this vulnerability.