SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#971705

Multiple D-Link routers fail to properly process UPnP M-SEARCH requests

Overview

A buffer overflow vulnerability in the software that operates certain models of D-Link routers could allow a remote attacker to execute arbitrary code on the affected device.

I. Description

UPnP

Universal Plug and Play (UPnP) is a system that allows network devices to operate together.

M-SEARCH
When a device adds itself to a UPnP network, it may send a broadcast request to get information about other UPnP devices already on the network. This broadcast message is called an M-SEARCH directive.

The problem
Sending an oversized M-SEARCH request to an affected D-Link router's LAN or WLAN interface may result in a buffer overflow. The following router models are reported to be affected:

  • DI-524 Rev A, C, D
  • DI-604 Rev E
  • DI-624 Rev C, D
  • DI-784 Rev A
  • EBR-2310 Rev A
  • WBR-1310 Rev A

II. Impact

An unauthenticated attacker may be able to execute arbitrary code or cause the router to reboot.

III. Solution

Upgrade
D-Link has issued firmware upgrades to address this vulnerability. See the D-Link support site for information on obtaining the latest version of firmware.

Disable UPnP
If the UPnP service is not needed, disabling it may reduce exposure to this vulnerability. Refer to D-Link's support site for instructions on how to disable UPnP on a particular model of router. The references section of this document has direct links to instructions on how to disable UPnP on some of the affected routers.

Restrict access
Restrict access to the LAN and WLAN interface to trusted hosts only. Preventing network traffic on port 1900/udp from reaching the LAN or WLAN interface may limit exposure to this vulnerability.

Systems Affected

VendorStatusDate NotifiedDate Updated
D-Link Systems, Inc.Vulnerable20-Jul-2006

References


http://secunia.com/advisories/21081/
http://www.eeye.com/html/research/advisories/AD20060714.html
http://support.dlink.com/products/view.asp?productid=DI%2D524
http://support.dlink.com/

Credit

Barnaby Jack of eEye Digital Security reported this vulnerability.

This document was written by Ryan Giobbi.

Other Information

Date Public:2006-07-17
Date First Published:2006-08-03
Date Last Updated:2007-01-23
CERT Advisory: 
CVE-ID(s):CVE-2006-3687
NVD-ID(s):CVE-2006-3687
US-CERT Technical Alerts: 
Metric:0.14
Document Revision:59

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2006 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader