• March 28, 2024, 04:18:58 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: D-Link's response to Akamai's UPnP NAT Injection disclosure  (Read 4543 times)

GreenBay42

  • Administrator
  • Level 11 Member
  • *
  • Posts: 2752
D-Link's response to Akamai's UPnP NAT Injection disclosure
« on: April 12, 2018, 07:50:21 AM »

Please visit http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10081 for the latest information and product information.



As of April 16, 2018:

On April 9, 2018, D-Link was notified by CERT/CC that cloud security solutions provider Akamai had disclosed (report available here) a large number of devices from many manufacturers are potentially vulnerable to UPnP NAT injection.

The report cited the following D-Link devices may possibly be subject to this vulnerability:

United States (US) Products:

DIR-601          Revision A, B, C, E, I
DIR-615          Revisions A, B
DIR-825          Revision A, B, C

Verizon DSL-2750B :: Sticker on base of Unit Verizon Part # DLDSL2750B   Not Affected :: UPnP is disabled on this model
 

Non-US Products:

DIR-620
DSL-2652BU
DSL-2750B revision E
DSL-2750E
DVG-2102S
DVG-5004S
RG-DLINK-WBR2300
DVG-N5402SP

The reported UPnP vulnerability appears to be an industry-wide issue. While our investigation is still ongoing, users may opt for disabling the UPnP services on the device.
« Last Edit: April 16, 2018, 08:01:10 AM by GreenBay42 »
Logged