Notified:  January 08, 2013 Updated: February 01, 2013

Statement Date:   January 31, 2013

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

IPitomy Communications Response to CERT VU#922681 1/31/2013 Summary The Software Developer Kit (SDK) for Universal Plug-n-Play (UPnP) Devices contains a library originally developed as the Intel SDK for UPnP Devices. Multiple stack-based buffer overflow vulnerabilities have been found in the popular versions of this library used on many network vendor devices. For more information on this vulnerability please visit: http://www.kb.cert.org/vuls/id/922681 Affected Products IPitomy has not confirmed the vulnerability yet and is still investigating. However we are listing below the only products that could be affected as well as the recommended steps to prevent any potential exploitation of these vulnerabilities. IP1000 and IP1000v2 These products contain an affected version of the UPnP library. IPitomy recommends disabling UPnP permanently on these products. This product defaults the UPnP setting to “on”. Note we have scanned the IP1000 products from the WAN side and have determined that with the UPnP service on, the systems do not respond to UPnP requests from the WAN, therefore exploitation of these UPnP vulnerabilities would have to occur from the LAN side of the device. IPR20 IPR20 contains router functionality. The UPnP service is disabled by default on these devices. IPitomy recommends that you ensure that UPnP service is disabled. IPitomy has confirmed that if UPnP service is enabled the device does not respond to UPnP requests on the WAN interface, therefore exploitation of these UPnP vulnerabilities would have to occur through the LAN side of the device. Properly installed (IPR20 WAN port connected to customer LAN), devices should not present these vulnerabilities.

Vendor References

• http://www.ipitomy.com/index.php/mi-security-notice-ip001

Notified:  December 13, 2012 Updated: January 29, 2013

Status

Affected

Vendor Statement

Cisco is investigating this issue for potential impact to Cisco and Linksys products.  Please consult our public documents on this issue here: Cisco's Security Advisory: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp Linksys Knowledge Base article: http://homekb.cisco.com/Cisco2/ukp.aspx?vw=1&articleid=28341

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp
• http://homekb.cisco.com/Cisco2/ukp.aspx?vw=1&articleid=28341

Notified:  December 13, 2012 Updated: January 30, 2013

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

From SSA-963338: Siemens OZW and OZS products use the UPnP network protocol for supporting specific localization functions. The 3rd party library libupnp [1] used for this protocol is vulnerable to multiple stack-based buffer overflows, as reported by CERT-CC [2]. These vulnerabilities allow DoS attacks and possibly remote code execution if the affected network ports are reachable by an attacker. Siemens plans to provide official permanent fixes with upcoming firmware updates and product replacements, and describes a temporary workaround below. The full advisory can be found at the URL below.

Vendor References

• http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf

Notified:  December 13, 2012 Updated: January 30, 2013

Status

Affected

Vendor Statement

The following Sony products are affected by this vulnerability. Please access the links below for more details. Multi Channel AV Receiver : STR-DA3700ES, STR-DA5700ES [STR-DA5700ES] in USA: http://esupport.sony.com/US/p/news-item.pl?mdl=STRDA5700ES&news_id=461 in Canada: http://esupport.sony.com/CA/p/news-item.pl?mdl=STRDA5700ES&news_id=461 in Europe(UK): http://www.sony.co.uk/support/en/product/STR-DA5700ES/news/STR_DA_HN [STR-DA3700ES] in USA: http://esupport.sony.com/US/p/news-item.pl?mdl=STRDA3700ES&news_id=461 in Canada: http://esupport.sony.com/CA/p/news-item.pl?mdl=STRDA3700ES&news_id=461 in Europe(UK): http://www.sony.co.uk/support/en/product/STR-DA3700ES/news/STR_DA_HN

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Notified:  December 13, 2012 Updated: February 28, 2013

Status

Affected

Vendor Statement

Synology products employ version 1.6.6 of the libupnp library for the following features: Video Station, Audio Station, Media Server, Surveillance Station, and EZ-Internet (UPnP router discovery). All versions of DSM prior to DSM 4.2 are affected by this vulnerability. However, the vulnerability issue will be resolved in the official release of DSM 4.2, planned in March 2013.

Vendor Information

To avoid being affected by this vulnerability, users are recommended to do the following: * Deploy firewall rules to block untrusted hosts from being able to access port 1900/UDP. * Update to DSM 4.2 when it is officially released. Users could also consider turning off UPnP features for the following applications: * Video Station: Stop running Video Station. * Audio Station: Turn off UPnP in the settings. * Media Server: Stop running Media Server. * EZ-Internet: Do not configure routers with EZ-Internet. * Surveillance: Do not add IP cameras by searching IP cams on LAN in Surveillance Station.