3

I have read a lot about the UPnP vulnerability and I understand it to some extent. What I don't understand is how an attacker will attack if he is not connected to the same network. I read how an attacker can do port mapping on the router. But to do that, the attacker has to connect to the router in the first place, which will require him to know the password. So unless it is a public network, I don't understand how the attacker will be able to achieve his target.

Basically, I am trying to understand how an attacker will be able to reach a UPnP device in my home network if he is not connected to the network.

OscarAkaElvis
azizulhakim

1 Answer

2

Not exactly. UPnP requests to open ports can be sent without the router's password, so UPnP is dangerous. Usually UPnP is enabled only on the LAN side (wireless and Ethernet), but in some cases (rarely, but sometimes, on some old routers), routers have UPnP enabled even on the WAN side, which is very dangerous. In these cases, an attacker can open a port to access an internal IP and port. He can try again and again, or brute-force it, to find internal IP addresses and access shared folders and that kind of service.

So, disable UPnP if you are not using it. If you have devices using it, be sure that your router has it enabled only on the LAN side.

Anyway, this is not related to wireless networks. The effect is the same on the LAN side, whether wireless or Ethernet.

A tool to exploit this is, for example, Miranda.

OscarAkaElvis
  • But home routers' IP addresses are not public IPs (or are they?). So how can someone guess and attack that IP if they are not already connected to it? Say I am connected to my phone's AT&T network and trying to attack my home router. If my home router doesn't have a public IP, what way do I have to attack it? – azizulhakim Jan 07 '18 at 04:51
  • You connect to the Internet, right? So your router has a public IP. Also, if your router accepts WLAN connections it is using radio waves and not WiFi, so those in proximity can attack that way. – rassa45 Jan 07 '18 at 18:14
  • I am under the impression that every router is connected to the ISP through a private IP. Only the ISP has a public IP connected to the internet. If every router had a public IP, that would have exhausted the IPv4 addresses already. IPv6 is still not ubiquitous. So in this case, an attacker could try to attack the ISP's IP. Again, my knowledge of network topology is limited and I'm trying to learn. Tell me if I am wrong in any of these assumptions. – azizulhakim Jan 07 '18 at 19:54
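
An added example, not part of the original answer or comments and not code from any tool named on this page: a defender-side audit of a router's UPnP port-mapping table that flags forwards exposing file-sharing or remote-access services, the outcome the answer warns about. The SOAP responses are constructed samples in the WANIPConnection:1 `GetGenericPortMappingEntryResponse` format; the sensitive-port list and all function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Internal services that should not be reachable from the WAN (assumed policy).
SENSITIVE = {21: "FTP", 22: "SSH", 23: "Telnet", 139: "NetBIOS", 445: "SMB", 3389: "RDP"}

def _sample(ext, proto, port, client, enabled, lease):
    """Build a constructed GetGenericPortMappingEntryResponse body."""
    args = {"RemoteHost": "", "ExternalPort": ext, "Protocol": proto,
            "InternalPort": port, "InternalClient": client, "Enabled": enabled,
            "PortMappingDescription": "constructed", "LeaseDuration": lease}
    inner = "".join(f"<New{k}>{v}</New{k}>" for k, v in args.items())
    return ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
            '<u:GetGenericPortMappingEntryResponse '
            'xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
            f"{inner}</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>")

SAMPLE_TABLE = [  # constructed: one benign, one risky, one disabled mapping
    _sample(51413, "TCP", 51413, "192.168.1.20", 1, 3600),
    _sample(4445, "TCP", 445, "192.168.1.30", 1, 0),
    _sample(2222, "TCP", 22, "192.168.1.40", 0, 0),
]

def parse_mapping(soap_xml):
    """Return the New* output arguments of one response, ignoring namespaces."""
    fields = {}
    for el in ET.fromstring(soap_xml).iter():
        tag = el.tag.rsplit("}", 1)[-1]
        if tag.startswith("New"):
            fields[tag[3:]] = (el.text or "").strip()
    return fields

def audit_mapping(m):
    """List the findings for one mapping; disabled mappings forward nothing."""
    if m.get("Enabled") != "1":
        return []
    findings = []
    port = int(m["InternalPort"])
    if port in SENSITIVE:
        findings.append(f"exposes {SENSITIVE[port]} on {m['InternalClient']}:{port}")
    if m.get("LeaseDuration") == "0":  # IGD v1 semantics: 0 means static
        findings.append("static mapping (lease 0), persists until deleted")
    return findings

def audit_table(responses):
    """Map 'external port/protocol' to findings, for mappings that have any."""
    parsed = map(parse_mapping, responses)
    report = {f"{m['ExternalPort']}/{m['Protocol']}": audit_mapping(m) for m in parsed}
    return {rule: found for rule, found in report.items() if found}

if __name__ == "__main__":
    for rule, findings in audit_table(SAMPLE_TABLE).items():
        print(rule, "->", "; ".join(findings))
```
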