In February of this year, a student from the University of Utrecht in the Netherlands reports a flaw in the UPnP protocol to Linksys. In January he had told Microsoft about the bug and Broadcom was informed in March 2006. Microsoft’s response to him was that the bug only exists if a router was configured incorrectly.
Broadcom didn’t respond to him until he wrote his Proof of Concept paper in April. Recently he was informed that Linksys made a new firmware available for some their devices, but not all of them, that corrects this problem.
Most readers are at least aware of the UPnP Pprotocol. It is used in a lot of SOHO type routers and is used by some popular client applications such as MSN Messenger and Microsoft’s XBOX-Live. The UPnP protocol is not only used to configure routers. UPnP is also used, for example, in VoIP-applications to dynamically open ports on the router.
The UPnP-protocol uses well know Internet standards, like XML, HTTP and SOAP. Because of the scope of the flaws Armijn found we are going to focus on the way UPnP opens ports and forward ports to devices.Read Full Story