On April 9, 2018, D-Link was notified by CERT/CC that cloud security solutions provider Akamai had disclosed (report available here) a large number of devices from many manufacturers are potentially vulnerable to UPnP NAT injection. 


The report cited the following D-Link devices may possibly be subject to this vulnerability: 


United States (US) Products: 


DIR-601          Revision A, B, C, E, I

DIR-615          Revisions A, B

DIR-825          Revision A, B, C


Verizon DSL-2750B :: Sticker on base of Unit Verizon Part # DLDSL2750B   Not Affected :: UPnP is disabled on this model

 


Non-US Products:


DIR-620

DSL-2652BU

DSL-2750B revision E

DSL-2750E

DVG-2102S

DVG-5004S

RG-DLINK-WBR2300

DVG-N5402SP


The reported UPnP vulnerability appears to be an industry-wide issue. While our investigation is still ongoing, users may opt for disabling the UPnP services on the device.

블로그 이미지

Ryansecurity Ryansecurity

Life is fun security story

티스토리 툴바