# Security risk found for home routers



## Jetster (Feb 11, 2013)

Evidently they have found a security risk in over a million routers with UPnP. It effects many brands 

http://www.csoonline.com/article/727829/device-makers-blamed-for-consumer-risk-from-upnp-flaws

Here is a test for it

https://www.grc.com/shieldsup

My router Netgear WNDR4300


----------



## remixedcat (Feb 11, 2013)

Heard of this and my Amped Wireless R20000G and R10000 are not on any of the 3 lists!

http://remixedcat.blogspot.com/2013/02/huge-upnp-vulnerability-in-lots-of.html

I have a link to the lists as well.... 


I did both tests with UPnP on and I passed and go the "not responding" message instead of rejected message which the not responding message is the best one.

But both those routers ship with UPNP disabled.


----------



## Nordic (Feb 11, 2013)

Was turned on by default. Now off. Nothing I used anyways. Thanks for the tip. Router is a netgear 3700.


----------



## HammerON (Feb 11, 2013)

Shields up Captain:
"THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!

(That's good news!)"


----------



## 1nf3rn0x (Feb 11, 2013)

Safe


----------



## AsRock (Feb 11, 2013)

Same here all blocked.


----------



## droopyRO (Feb 11, 2013)

Safe here also ... but why is the FBI knocking on my door ?


----------



## remixedcat (Feb 11, 2013)

also guys please specify what router you have here too... that would help others.


----------



## AsRock (Feb 11, 2013)

remixedcat said:


> also guys please specify what router you have here too... that would help others.



WRT54G running Tomato


----------



## syeef (Feb 11, 2013)

Already read about this on NextPowerUp! on Feb 3rd.
http://www.nextpowerup.com/news/692/upnp-flaws-expose-up-to-50-million-of-networking-devices.html




1nf3rn0x said:


> http://img.techpowerup.org/130211/Untitled.png
> Safe



Not Safe... Your IP is 58.168.116.239


----------



## syeef (Feb 11, 2013)

Looks like I am NOT Safe as well  .








I am using a AWB RG300 4G WiMAX Modem/Router that was supplied by my ISP.


----------



## _JP_ (Feb 11, 2013)

Router Model: Conceptronic C54BRS4A v1.0 (Grey box)
Firmware Version: 2.02

*UPnP ON*
Results:


> THE EQUIPMENT AT THE TARGET IP ADDRESS
> *DID NOT RESPOND TO OUR UPnP PROBES!*
> (That's good news!)



*UPnP OFF*
Results:


> THE EQUIPMENT AT THE TARGET IP ADDRESS
> *DID NOT RESPOND TO OUR UPnP PROBES!*
> (That's good news!)


----------



## Crap Daddy (Feb 11, 2013)

Everything's fine over here. I have D-link DIR 600 if that helps others.


----------



## FordGT90Concept (Feb 11, 2013)

Netopia 3341 ADSL Gateway (PPPoE)
D-Link DGL-4500 Router
Did not respond to UPnP probes.




syeef said:


> I am using a AWB RG300 4G WiMAX Modem/Router that *was supplied by my ISP*.


There's your problem.


----------



## TheMailMan78 (Feb 11, 2013)

I have one router plugged into the web and another router plugged into that. If the primary router is safe so is the second one correct?


----------



## FordGT90Concept (Feb 11, 2013)

Only if you are positive that the first router is not responding.  If the first is passing it through to the second and the second is not responding, the first may still be vulnerable.


----------



## brandonwh64 (Feb 11, 2013)

TheMailMan78 said:


> I have one router plugged into the web and another router plugged into that. If the primary router is safe so is the second one correct?



So you have two routers on the same network and why?


----------



## TheMailMan78 (Feb 11, 2013)

FordGT90Concept said:


> Only if you are positive that the first router is not responding.  If the first is passing it through to the second and the second is not responding, the first may still be vulnerable.



No the one I tested is the primary one. It didn't respond. The other one gets its internet connection from the primary one. No worries then. Thanks.



brandonwh64 said:


> So you have two routers on the same network and why?



Because one I have to use because I get my phone through it. However its not really the best wireless. So I have another router hooked up to it for wireless. Tablets and smart phones just don't like the primary router.


----------



## syeef (Feb 11, 2013)

FordGT90Concept said:


> syeef said:
> 
> 
> > I am using a AWB RG300 4G WiMAX Modem/Router that *was supplied by my ISP*.
> ...



My ISP only sells that Modem/Router and provides no option for 3rd-party  Modem/Router.


With *UPnP OFF *I get:


> THE EQUIPMENT AT THE TARGET IP ADDRESS
> *ACTIVELY REJECTED OUR UPnP PROBES!*
> 
> (That's good news!)


----------



## remixedcat (Feb 11, 2013)

wow with UPNP off you should get the "not responding" instead of rejection... that's wierd...

I get the "not responding" message with UPNP on on my Amped.


----------



## Phusius (Feb 11, 2013)

I have ATT Uverse router, says im all safe on my end.


----------



## erixx (Feb 11, 2013)

I run ShieldsUp! every once in a while since many years. Still trust it.

BTW, "REJECTED" is slightly less secure then "NOT RESPONDED"


----------



## remixedcat (Feb 11, 2013)

erixx said:


> I run ShieldsUp! every once in a while since many years. Still trust it.
> 
> BTW, "REJECTED" is slightly less secure then "NOT RESPONDED"



Yups and that's what I was sayin earlier...


----------



## johnspack (Feb 11, 2013)

Asus RT-N16 running EasyTomato,  no response.


----------



## syeef (Feb 11, 2013)

erixx said:


> BTW, "REJECTED" is slightly less secure then "NOT RESPONDED"





remixedcat said:


> Yups and that's what I was sayin earlier...



Hmm... Sad.

And it seems I won't be able to turn off UPnP after all... having trouble playing Multiplayer without it  .

And am I the only one here with this Security Issue? LOL.


----------



## remixedcat (Feb 11, 2013)

and your ISP won't let you buy your own and just use their modem only? how about turning the router function off in your router/modem and using a regular router?


----------



## Inioch (Feb 11, 2013)

Safe with Asus RT-N56U.

I do use UPnP inside my home network to run media from NAS to devices.


----------



## syeef (Feb 11, 2013)

remixedcat said:


> and your ISP won't let you buy your own and just use their modem only?



Yes, they won't let me buy my own :shadedshu
Here is the Modem/Router: http://www.techpowerup.com/forums/showthread.php?p=2672916#post2672916




remixedcat said:


> how about turning the router function off in your router/modem and using a regular router?



I will give it a try...
I am also running an Apache HTTP Server, don't know how will it affect it though.


----------



## digibucc (Feb 11, 2013)

thanks for this, luckily i'm safe "not responded"


----------



## remixedcat (Feb 11, 2013)

digibucc said:


> thanks for this, luckily i'm safe "not responded"



what router do you have? Please specify to assist others... thanks.



syeef said:


> Yes, they won't let me buy my own :shadedshu
> Here is the Modem/Router: http://www.techpowerup.com/forums/showthread.php?p=2672916#post2672916
> 
> 
> ...



I hate when ISPs do that... :shadedshu


----------



## Batou1986 (Feb 11, 2013)

Netgear WNR3500v2/U/L -- DD-WRT v24-sp2 (08/12/10) mega
Did not respond to upnp probe
DD-WRT master race reporting


----------



## 1freedude (Feb 11, 2013)

All it says is there is a risk.  So what? If I don't have a router, and use just the modem, am I safe?
What is the attacker going to do with my upnp?

Edit...

http://www.kb.cert.org/vuls/id/347812

Look at the date.


----------



## remixedcat (Feb 11, 2013)

You are even worse off... The router provides a bit of a firewall and NAT. The router can block a lot of attacks and such. My router has DDoS protection on it.


----------



## [XC] Oj101 (Feb 11, 2013)

Aaaaaaaanceint Billion BiPAC 7300GA - safe


----------



## manofthem (Feb 11, 2013)

I just ran the test on my Netgear WGR614, found safe:








After the test, I went in the router settings and found UPnP enabled, so I just turned it off, not wishing to risk anything.  Unless I find a reason to change it, I'll leave it disabled.


----------



## digibucc (Feb 11, 2013)

remixedcat said:


> what router do you have? Please specify to assist others... thanks.



of course sorry - Linksys E4200


----------



## droopyRO (Feb 11, 2013)

remixedcat said:


> also guys please specify what router you have here too... that would help others.


Yes you are right mine is TP-Link TL-R460.


----------



## Melvis (Feb 12, 2013)

The Billion im behind is safe!! no surprise Billion modems are awesome!!


----------



## BUCK NASTY (Feb 12, 2013)

brandonwh64 said:


> So you have two routers on the same network and why?


Lots of people have multiple Wireless routers. I have 2x Rosewill RNX-150RT running dd-wrt. One is my primary router and the other is a wireless bridge for my folding rigs inn the spare bedroom. Awesome little routers for $22.00 each.

BTW, this model is safe per the scan.


----------



## Asylum (Feb 12, 2013)

Cisco E-4200 V-2 safe.


----------



## burebista (Feb 12, 2013)

D-Link DIR 615 with DD-WRT safe on GRC and safe on Rapid7.


----------



## patrico (Feb 12, 2013)

THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!

im safe, thx for the heads up


----------



## Deleted member 110753 (Feb 12, 2013)

Good News also for my TP-Link TL-WDR4900 !


----------



## rtwjunkie (Feb 27, 2013)

What I want to know, if the ISP's and router manufacturers pump out a forced firmware update, is how this will affect WHS 2011.  It relies upon UPnP being enabled in order to interact and backup the client computers (and also I believe to stream media).


----------



## Wrigleyvillain (Feb 27, 2013)

TheMailMan78 said:


> Because one I have to use because I get my phone through it. However its not really the best wireless. So I have another router hooked up to it for wireless. Tablets and smart phones just don't like the primary router.



Oh so it's technically just an "access point" for wireless then. Probably not necessary but you may be able to lock that thing down a bit further by disabling some functionality and such as you don't need it to actually do any routing (just provide a better 802.11 link to your network). I would turn off the wireless on the "main" router then too if you haven't already.


----------



## TheMailMan78 (Feb 27, 2013)

Wrigleyvillain said:


> Oh so it's technically just an "access point" for wireless then. Probably not necessary but you may be able to lock that thing down a bit further by disabling some functionality and such as you don't need it to actually do any routing (just provide a better 802.11 link to your network). I would turn off the wireless on the "main" router then too if you haven't already.



I was gonna do that but its an ISP router and every time I make any adjustments in it the damn thing gets reset by the ISP within 24 hours.


----------



## Wrigleyvillain (Feb 27, 2013)

Interesting. And a bit unsettling, lol. Well you have full control over the "access point" at least.


----------



## brandonwh64 (Feb 27, 2013)

TheMailMan78 said:


> I was gonna do that but its an ISP router and every time I make any adjustments in it the damn thing gets reset by the ISP within 24 hours.



I would look at other ISP's in your area before dealing with that much control over what you use as a modem/router.


----------



## TheMailMan78 (Feb 27, 2013)

brandonwh64 said:


> I would look at other ISP's in your area before dealing with that much control over what you use as a modem/router.



Meh don't bother me.


----------



## lemonadesoda (Feb 27, 2013)

XSBox GO+  GPRS/HSUPA/HSDPA+ to WLAN router
Firmware 1.7
GOOD 

I'd better check the SOHO router when I get back.


----------



## Krazy Owl (Feb 28, 2013)

Dlink DIR-625 

Not responded whatever I selected.

UPnP ON - UPnp OFF - WAN ping response ON -WAN ping response OFF

I tested the four possibilities and nothing changed.


----------

