Software Engineering Institute

Notified:  December 13, 2012 Updated: April 05, 2013

Status

Affected

Vendor Statement

Axis products included version 1.6.17 (or earlier) of the libupnp library. UPnP is enabled by default and is mainly used for discovery and NAT configuration. All releases prior to 5.50.2 are affected by this vulnerability except for the AXIS P135x-series where the correction was released in the latest 5.40.19.

Vendor Information

All Axis products running firmware verisons prior to 5.5x are potentially affected.

Axis included the latest version 1.6.18 of UPnP in order to address the vulnerability and it will be available in release 5.50.2 or later. For prior releases, users are recommended to turn off UPnP (Available under System Options/Network/UPnP)

Notified:  December 13, 2012 Updated: January 29, 2013

Status

Affected

Vendor Statement

Cisco is investigating this issue for potential impact to Cisco and Linksys products.  Please consult our public documents on this issue here:
 
Cisco's Security Advisory: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp
 
Linksys Knowledge Base article: http://homekb.cisco.com/Cisco2/ukp.aspx?vw=1&articleid=28341

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp
• http://homekb.cisco.com/Cisco2/ukp.aspx?vw=1&articleid=28341

Notified:  December 13, 2012 Updated: January 31, 2013

Status

Affected

Vendor Statement

January 30, 2013 UPDATE:

At the current time D-Link deploys firmware that has UPnP feature support on our devices. The UPnP features are enabled by software developer kits - Intel, Portable, and miniUPnP.

Recently, it has been discovered that the following UPnP versions may have a security vulnerability that could cause devices to become unstable, impair functionality, or disclose the services the devices offers (i.e. network camera feed):

All Versions of Intel SDK
Version of Portable SDK prior to V. 1.6.18
Version of MiniUPnP SDK prior to V. 1.1

Security and performance is of the utmost importance to D-Link across all product lines, including networking, surveillance, storage and entertainment solutions.

The company is currently assessing the recent findings surrounding UPnP technology and whether any D-Link products are susceptible to vulnerabilities. If any action is needed, D-Link will provide information online at www.dlink.com/upnp

Vendor Information

Customers that want to disable UPnP in the affected products can do so by following these steps:

Current Solution for Affected Products by Disabling UPnP

Step 1: Log into device wed configuration - For routers default URL

http://dlinkrouter.local or http://192.168.0.1

Step 2: Click on the Advanced tab at the top and then click on Advanced Network on the left-hand side.
Step 3: Under the UPnP Settings section, uncheck the disabled UPnP buttons to disable UPnP on the device
Step 4: Click Save Settings at the top to apply the settings.

*** Please note that disabling UPnP might adversely affect features and capabilities of the device and/or supporting applications or devices connecting to these products.

Vendor References

• http://www.dlink.com/us/en/technology/upnp

Notified:  December 13, 2012 Updated: January 29, 2013

Status

Affected

Vendor Statement

Cisco is investigating this issue for potential impact to Cisco and Linksys products.  Please consult our public documents on this issue here:
 
Cisco's Security Advisory: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp
 
Linksys Knowledge Base article: http://homekb.cisco.com/Cisco2/ukp.aspx?vw=1&articleid=28341

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp
• http://homekb.cisco.com/Cisco2/ukp.aspx?vw=1&articleid=28341

Notified:  December 13, 2012 Updated: January 30, 2013

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

From SSA-963338:

Siemens OZW and OZS products use the UPnP network protocol for supporting specific localization functions. The 3rd party library libupnp [1] used for this protocol is vulnerable to multiple stack-based buffer overflows, as reported by CERT-CC [2]. These vulnerabilities allow DoS attacks and possibly remote code execution if the affected network ports are reachable by an attacker. Siemens plans to provide official permanent fixes with upcoming firmware updates and product replacements, and describes a temporary workaround below.

Vendor References

• http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf

Notified:  December 13, 2012 Updated: January 30, 2013

Status

Affected

Vendor Statement

The following Sony products are affected by this vulnerability. Please access the links below for more details.

Multi Channel AV Receiver : STR-DA3700ES, STR-DA5700ES

[STR-DA5700ES]
in USA:
http://esupport.sony.com/US/p/news-item.pl?mdl=STRDA5700ES&news_id=461

in Canada:
http://esupport.sony.com/CA/p/news-item.pl?mdl=STRDA5700ES&news_id=461

in Europe(UK):
http://www.sony.co.uk/support/en/product/STR-DA5700ES/news/STR_DA_HN

[STR-DA3700ES]
in USA:
http://esupport.sony.com/US/p/news-item.pl?mdl=STRDA3700ES&news_id=461
in Canada:
http://esupport.sony.com/CA/p/news-item.pl?mdl=STRDA3700ES&news_id=461
in Europe(UK):
http://www.sony.co.uk/support/en/product/STR-DA3700ES/news/STR_DA_HN

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Notified:  December 13, 2012 Updated: February 28, 2013

Status

Affected

Vendor Statement

Synology products employ version 1.6.6 of the libupnp library for the following features: Video Station, Audio Station, Media Server, Surveillance Station, and EZ-Internet (UPnP router discovery).

All versions of DSM prior to DSM 4.2 are affected by this vulnerability. However, the vulnerability issue will be resolved in the official release of DSM 4.2, planned in March 2013.

Vendor Information

To avoid being affected by this vulnerability, users are recommended to do the following:

* Deploy firewall rules to block untrusted hosts from being able to access port 1900/UDP.
* Update to DSM 4.2 when it is officially released.

Users could also consider turning off UPnP features for the following applications:

* Video Station: Stop running Video Station.
* Audio Station: Turn off UPnP in the settings.
* Media Server: Stop running Media Server.
* EZ-Internet: Do not configure routers with EZ-Internet.
* Surveillance: Do not add IP cameras by searching IP cams on LAN in Surveillance Station.