Wednesday, February 6, 2013

First public patch for Broadcom UPnP vulnerability

First public patch for Broadcom UPnP vulnerability from TP-Link.

From: http://forum.tp-link.com/showthread.php?2252-Fixed-a-critical-vulnerability-issue-related-to-UPnP

Fixed a critical vulnerability issue related to UPnP
Model : TD-W8960N
Hardware Version : V4
Following the release this week of a research paper from security firm
Rapid7 describing vulnerabilities in the widely used Intel/Portable UPnP SDK and MiniUPnP SDK stacks, security researchers from DefenseCode announced that they identified a critical vulnerability in a separate UPnP stack developed by Broadcom and used in devices with Broadcom chipsets, including one device from TP-LINK, the TD-W8960N.
http://www.defensecode.com/public/De...y_Advisory.pdf
Being aware of the urgency of this issue, our R&D solved it immediately and released a beta Firmware for the customers who are worried about this problem to download.
You can find this beta Firmware here:
http://www.tp-link.com/en/support/do...rsion=V4#tbl_j
At the end of February, we will release the official FW, solving the UPnP Vulnerability of TD-W8960N.


Regards,
DefenseCode

No comments:

Post a Comment