3com, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Adobe Unknown

Notified:  April 09, 2008 Updated: April 09, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Alcatel Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Apple Computer, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

AT&T Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Avaya, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Avici Systems, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Borderware Technologies Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Bro Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

CentOS Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Charlotte's Web Networks Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Check Point Software Technologies Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Cisco Systems, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Clavister Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Computer Associates Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Computer Associates eTrust Security Management Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Conectiva Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Cray Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Data Connection, Ltd. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Debian GNU/Linux Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

D-Link Systems, Inc. Unknown

Updated:  January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

EMC Corporation Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Engarde Secure Linux Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Enterasys Networks Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Ericsson Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

eSoft, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Extreme Networks Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

F5 Networks, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Fedora Project Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Force10 Networks, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Fortinet, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Foundry Networks, Inc. Not Affected

Notified:  January 15, 2008 Updated: January 30, 2008

Status

Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

FreeBSD, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Fujitsu Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Gentoo Linux Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Global Technology Associates Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Hewlett-Packard Company Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Hitachi Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Hyperchip Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM Corporation Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM Corporation (zseries) Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IBM eServer Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Ingrian Networks, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Intel Corporation Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Internet Security Systems, Inc. Not Affected

Notified:  January 15, 2008 Updated: January 30, 2008

Status

Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Intoto Not Affected

Notified:  January 15, 2008 Updated: January 30, 2008

Status

Not Affected

Vendor Statement

Intoto iGateway Firewall ships with UPnP feature, however it is disabled by default. Network administrator has to specifically enable this feature from management interface in order to make it operational. iGateway Firewall also has capability to set filters for source of UPnP messages, allowing only trusted machine's messages to be received and processed.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

IP Filter Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Juniper Networks, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Linksys (A division of Cisco Systems) Unknown

Updated:  January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Lucent Technologies Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Luminous Networks Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

m0n0wall Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Mandriva, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

McAfee Not Affected

Notified:  January 15, 2008 Updated: January 21, 2008

Status

Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Microsoft Corporation Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

MontaVista Software, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Multinet (owned Process Software Corporation) Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Multitech, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

NEC Corporation Affected

Notified:  January 15, 2008 Updated: June 30, 2008

Status

Affected

Vendor Statement

Some of NEC products are affected by this vulnerability. For more details see http://www.nec.co.jp/security-info/secinfo/nv08-006.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

NetBSD Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

netfilter Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Netgear, Inc. Unknown

Updated:  January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Network Appliance, Inc. Not Affected

Notified:  January 15, 2008 Updated: January 30, 2008

Status

Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

NextHop Technologies, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Nokia Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Nortel Networks, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Novell, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

OpenBSD Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Openwall GNU/*/Linux Unknown

Notified:  January 15, 2008 Updated: January 16, 2008

Status

Unknown

Vendor Statement

Openwall GNU/*/Linux is not affected.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

QNX, Software Systems, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

RadWare, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Redback Networks, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Red Hat, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Riverstone Networks, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Secure Computing Network Security Division Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Secureworx, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Silicon Graphics, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Slackware Linux Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

SmoothWall Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Snort Not Affected

Notified:  January 15, 2008 Updated: January 21, 2008

Status

Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Sony Corporation Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Sourcefire Not Affected

Notified:  January 15, 2008 Updated: January 21, 2008

Status

Not Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Stonesoft Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Sun Microsystems, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

SUSE Linux Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Symantec, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

The SCO Group Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

TippingPoint, Technologies, Inc. Not Affected

Notified:  January 15, 2008 Updated: January 16, 2008

Status

Not Affected

Vendor Statement

TippingPoint devices do not ship with UPnP.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Trustix Secure Linux Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Turbolinux Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Ubuntu Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Unisys Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

UPnP Unknown

Notified:  February 25, 2008 Updated: July 22, 2008

Status

Unknown

Vendor Statement

The security advisory described in CERT advisory http://www.kb.cert.org/vuls/id/347812 appears to stem from the ability of the Flash ActionScript platform to modify the content type header of HTTP requests made from that platform to other IP addresses. The demonstrated exploit to UPNP seems to be just one of many interactions that the ActionScript platform could cause based on note security problem when accessing services both in and outside the home. The UPnP Forum recommends that Adobe Flash users update to at least the Flash Player 9 April 2008 Security Update to protect their network systems from this and other potential attacks. The UPnP forum recommends that manufacturers support a security solution in their products for critical service methods. The UPnP forum standardized an access control solution in November 2003 that was designed to be used for this purpose, but to date has not be adopted by manufacturers. A complementary short-term solution is for manufacturers to use a non-fixed URL for their service URLBase values, so that they may not be predicted by such attacks. The UPnP forum is committed to providing value for consumers and the industry. As a result, we continue to actively work with the industry on security solutions that can be adopted in home environments. Per normal security practice, the UPnP forum recommends also that users change the default passwords on my product to protect against other non-UPnP attacks and that users follow the appropriate security precautions for their computer platforms.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Watchguard Technologies, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Wind River Systems, Inc. Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

ZyXEL Unknown

Notified:  January 15, 2008 Updated: January 15, 2008

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

View all 96 vendors View less vendors