Thursday, April 6, 2017

BroadCom UPnP Format String Preauth Root Exploit Aftermath (Few Years Later) 

Hi,

Few years ago, we have discovered a remotely exploitable preauth Format
String vulnerability in Broadcom UPnP implementation used in popular
routers.
Vendors were notified and advisory was published -
http://defensecode.com/public/DefenseCode_Broadcom_Security_Advisory.pdf .
Broadcom fixed the vulnerability in their UPnP implementation and some
router vendors did it also.

Vulnerability was initially discovered on Cisco Linksys (now Belkin)
WRT54GL routers, but as stated before, vulnerable UPnP implementation
was used by many vendors.
Back in the days, Cisco fixed the vulnerability, but we are not sure
about all other router vendors and models because there are too many of
them.

When we initially discovered the vulnerability, Rapid7 also discovered
various overflows in other popular UPnP implementations, and published a
paper about it.
Rapid7 document about vulnerabilities they discovered in UPnP
implementations: https://community.rapid7.com/docs/DOC-2150
When they did the research, there were approx. 15 Million devices with
vulnerable Broadcom UPnP implementation discovered on the Internet,
probably many more in the Intranets.

We have written a paper about detailed exploitation steps for now fixed
Broadcom UPnP Format String vulnerability, but never published it due to
the severity of the bug.
Now, few years later, we feel comfortable to release a full research
paper with vulnerability details and exploitation steps for discovered
Format String vulnerability.
Big issue with routers is that they are rarely updated by users with new
firmware and there could be still a lot of vulnerable routers on the
Internet and in the Intranets.

Full research paper on discovery and exploitation of the Broadcom UPnP
Format String vulnerability can be found on the following link:

http://www.defensecode.com/whitepapers/From_Zero_To_ZeroDay_Network_Devices_Exploitation.txt

Since Broadcom and vendors that use their chipsets ship fixed versions of the UPnP implementation for some time now, the vulnerability isn't a 0day for some time. 

Still, we are sure there are plenty unpatched routers out there.


Regards,
DefenseCode Team
Posted by at

37 comments:

  1. Green MichelAugust 23, 2017 at 7:18 PM

    Adidas Yeezy Boost 350
    Adidas Marathon Shoes

    Adidas Springblade Shoes
    Adidas Harden Boost Shoes
    Adidas NMD Shoes

    Salomon Shoes
    Salomon Speedcross 4
    Salomon S-LAB Sense 4 Shoes

    ReplyDelete
  2. Rajesh RaoNovember 14, 2017 at 3:20 AM

    It's Really A Great Post.
    Best IT Training in Bangalore

    ReplyDelete
  3. Infocampus Logics Pvt LtdMay 15, 2018 at 3:36 AM

    Its an Great Information.
    RPA Training In Marathahalli Bangalore

    Java Training In Bangalore

    ReplyDelete
  4. hussain dAugust 2, 2018 at 4:51 AM

    It’s hard to come by experienced people about this subject, but you seem
    like you know what you’re talking about! Thanks

    Java Training in Bangalore
    iOS Training in Bangalore
    Java Training in Bangalore
    http://www.arrowtricks.com

    ReplyDelete
  5. hussain dAugust 14, 2018 at 3:22 AM

    Keep posting waiting for next post.
    Java Training in Bangalore

    ReplyDelete
  6. mohit sonaSeptember 17, 2018 at 1:27 AM

    nice post
    how to write out a check

    ReplyDelete
  7. pexejurerOctober 3, 2018 at 11:08 PM

    kinguser apk download poweramp apk download leo playcard apk download

    ReplyDelete
  8. DeepikaNovember 10, 2018 at 3:06 AM

    very nice post...
    ServiceNow Integration Training in Bangalore

    ServiceNow Developer Training in Bangalore
    ServiceNow Admin Training in Bangalore

    ReplyDelete
  9. Sports education worldwideNovember 14, 2018 at 1:26 AM

    hotmail sign up login

    ReplyDelete
  10. Soujanya BargaviNovember 26, 2018 at 10:49 PM

    Great Post, thanks for sharing info on BroadCom UPnP Format String Preauth Root Exploit Aftermath. Microsoft Dynamics NAV Training

    ReplyDelete
  11. kayalDecember 6, 2018 at 10:50 PM

    Nice Blog
    iot courses in Bangalore

    internet of things training course in Bangalore

    internet of things course in Bangalore

    ReplyDelete
  12. Sadhana RathoreDecember 7, 2018 at 10:08 PM

    Thanks for taking time to share this valuable information admin.
    ccna course in Chennai
    ccna certification in Chennai
    ccna Training in Velachery
    AWS Training in Chennai
    RPA Training in Chennai
    Angularjs Training in Chennai

    ReplyDelete
  13. ashaDecember 10, 2018 at 10:35 PM

    Nice Blog
    best training institute for hadoop in Bangalore

    best big data hadoop training in Bangalroe

    hadoop training in bangalore

    hadoop training institutes in bangalore

    hadoop course in bangalore

    ReplyDelete
  14. zaraDecember 24, 2018 at 3:06 AM

    I found some useful information in your blog
    RPA Training in Chennai
    AWS Training in Chennai
    Hadoop Training in Chennai
    Data Science Training in Chennai

    ReplyDelete
  15. Oliver MauriceJanuary 24, 2019 at 5:17 AM

    You need to look at this page for some info on how to write great research project. Maybe it could be helpful for your future

    ReplyDelete
  16. shivaniFebruary 9, 2019 at 1:11 AM

    Excellent blog I visit this blog it's really awesome. The important thing is that in this blog content written clearly and understandable. The content of information is very informative.
    Workday HCM Online Training!
    Oracle Fusion Financials Online Training
    Oracle Fusion HCM Online Training
    Oracle Fusion SCM Online Training

    ReplyDelete
  17. thulasi raginiFebruary 9, 2019 at 2:44 AM

    Your good knowledge and kindness in playing with all the pieces were very useful. I don’t know what I would have done if I had not encountered such a step like this.
    python Training institute in Chennai
    python Training institute in Bangalore

    ReplyDelete
  18. MounikaMarch 2, 2019 at 2:52 AM

    Hello! Someone in my Facebook group shared this website with us, so I came to give it a look. I’m enjoying the information. I’m bookmarking and will be tweeting this to my followers! Wonderful blog and amazing design and style.
    Data Science training in Chennai
    Data Science training in bangalore
    Data Science training institute in bangalore

    ReplyDelete
  19. mobile application developmentMarch 6, 2019 at 8:46 PM

    Amazing Post. Your writing is very inspiring. Thanks for Posting.
    Mobile App Development Company in chennai
    mobile app development chennai
    Mobile application development company in chennai
    Mobile application development chennai
    Mobile apps development companies in chennai
    enterprise mobile app development company

    ReplyDelete
  20. Java application developmentMarch 7, 2019 at 4:39 AM

    I have perused your blog its appealing and noteworthy. I like it your blog.
    java software development company
    Java web development company
    Java development companies
    java development services
    Java application development services

    ReplyDelete
  21. shivaniMarch 8, 2019 at 4:26 AM

    Astonishing web diary I visit this blog it's incredibly magnificent. Strangely, in this blog content made doubtlessly and sensible. The substance of information is instructive.
    Oracle Fusion Financials Online Training
    Oracle Fusion HCM Online Training
    Oracle Fusion SCM Online Training

    ReplyDelete
  22. shonaMarch 11, 2019 at 12:13 AM

    Great post. Thank you for sharing on UPnP Format String
    machine learning with python training

    ReplyDelete
  23. Software development companyMarch 11, 2019 at 7:57 AM

    I have scrutinized your blog its engaging and imperative. I like it your blog.
    custom application development services
    Software development company
    software application development company
    offshore software development company
    custom software development company

    ReplyDelete
  24. best ppc company in indiaMarch 12, 2019 at 11:39 PM

    I have inspected your blog its associating with and essential. I like it your blog.
    ppc services in india
    best ppc company in india
    ppc services india
    ppc advertising services
    ppc services company

    ReplyDelete
  25. DigitalmarketingMarch 13, 2019 at 5:20 AM

    I have perused your blog its appealing and noteworthy. I like it your blog.
    digital marketing company in chennai,
    digital marketing agency in india,
    digital marketing company in chennai,
    online marketing company in chennai,
    digital marketing company in india,
    digital marketing services,
    digital marketing company

    ReplyDelete
  26. HKR SupportsMarch 18, 2019 at 1:15 AM

    Thanks for taking time to share this valuable information admin.
    remote resource

    ReplyDelete
  27. digitalsourabhApril 1, 2019 at 1:08 AM

    I am really happy to read your blog. your blog is very good and informative for me.
    Your blog contain lots of information. It's such a nice post. I found your blog through my friend if you want to know about more property related information please check out here. With the experience of over 3 decades, Agrawal Construction Company is the biggest and the best builders in bhopal and the trust holder of over 10000 families. Agrawal Construction Company Bhopal is serving society, building trust & quality with a commitment to cutting-edge design and technology. Agrawal Construction Company's vision is to 'building trust & quality' which extends to developing residential, commercial and township projects in all the directions of the beautiful City of Lakes Bhopal and hence it is among the top builders in Bhopal. Currently, it has four residential such as Sagar Pearl, Sagar Green Hills, Sagar Landmark and Sagar Eden Garden.










    ReplyDelete
  28. Durai RajApril 9, 2019 at 12:21 AM

    The blog which you have shared is more informative. thanks for your sharing...
    German Classes in Bangalore
    German coaching classes in Coimbatore
    German Classes in Coimbatore
    Java Training in Bangalore
    Python Training in Bangalore
    IELTS Coaching in Madurai
    IELTS Coaching in Coimbatore

    Java Training in Coimbatore

    ReplyDelete
  29. AlanWilliamsonApril 9, 2019 at 12:42 AM

    I want to share with you the best service of an essay in the USA. On our website CustomEssayMeister., you will not only find examples of how to write an essay, but also be able to get help in writing research or coursework.

    ReplyDelete
  30. SathyaApril 11, 2019 at 1:40 AM

    Interesting information and attractive.This blog is really rocking... Yes, the post is very interesting and I really like it.I never seen articles like this. I meant it's so knowledgeable, informative, and good looking site. I appreciate your hard work. Good job.
    Kindly visit us @
    Sathya Online Shopping
    Online AC Price | Air Conditioner Online | AC Offers Online | AC Online Shopping
    Inverter AC | Best Inverter AC | Inverter Split AC
    Buy Split AC Online | Best Split AC | Split AC Online
    LED TV Sale | Buy LED TV Online | Smart LED TV | LED TV Price
    Laptop Price | Laptops for Sale | Buy Laptop | Buy Laptop Online
    Full HD TV Price | LED HD TV Price
    Buy Ultra HD TV | Buy Ultra HD TV Online
    Buy Mobile Online | Buy Smartphone Online in India

    ReplyDelete
  31. lovedollplaceApril 17, 2019 at 7:56 AM

    Thanks For Sharing!!!
    sex doll
    Love doll

    ReplyDelete
  32. kavithasathishApril 26, 2019 at 3:43 AM

    Looks like great blog and got many information from this blog keep it up.
    French Classes in Chennai
    French Language Classes in Chennai
    German Classes in Chennai
    IELTS Coaching in Chennai
    Japanese Classes in Chennai
    spanish language in chennai
    French Classes in Velachery
    French Classes in Adyar

    ReplyDelete
  33. bbbbbbApril 27, 2019 at 11:16 AM

    Thanks mother day quotes

    https://www.oysmarto.website

    https://www.pc9x.com/

    ReplyDelete
  34. PriyankaMay 12, 2019 at 10:02 PM

    Attend The Python Training in Hyderabad From ExcelR. Practical Python Training Sessions With Assured Placement Support From Experienced Faculty. ExcelR Offers The Python Training in Hyderabad.
    python training in bangalore

    ReplyDelete
  35. shivaniMay 16, 2019 at 4:30 AM

    A befuddling web diary I visit this blog, it's incredibly grand. Strangely, in this present blog's substance made motivation behind fact and sensible. The substance of information is instructive
    Oracle Fusion Financials Online Training
    Oracle Fusion HCM Online Training
    Oracle Fusion SCM Online Training

    ReplyDelete
  36. TechxinxMay 17, 2019 at 2:38 AM

    Thanks for a nice share you have given to us with such an large collection of information.
    Great work you have done by sharing them to all.
    simply superb.construction company in bhopal
    Best Builders in bhopal
    Plots in Bhopal
    singlex, Duplex houses in bhopal
    coloniser in bhopal
    real estate developers in bhopal

    ReplyDelete
  37. Shanthi CabsMay 23, 2019 at 1:41 AM

    The article is very interesting and very understood to be read, may be useful for the people. I wanted to thank you for this great read!! I definitely enjoyed every little bit of it. I have to bookmarked to check out new stuff on your post. Thanks for sharing the information keep updating, looking forward for more posts..
    Kindly visit us @ Madurai Travels | Best Travels in Madurai | Cabs in Madurai
    Tours and Travels in Madurai

    ReplyDelete

Subscribe to: Post Comments (Atom)