UPnP is a networking protocol used in most network enabled devices. UPnP permits networked devices such as smart phones, tablets, computers, printers, network attached storage, and other devices to seamlessly discover each other's presence on the network.
What is the UPnP vulnerability?
The published hack attacks a device over the internet. It takes advantage of a flaw in the UPnP protocol to bypass the given device’s security layers. The hack can cause device instability, impairment, or hijacking.
Which types of products are vulnerable to the hack?
Many devices support UPnP, however only devices which are accessible over the Internet with their own IP address are threatened by this published hack. Networking hardware device categories include wired and wireless routers, modems, IP cameras, and network attached storage devices among others.
How can I eliminate the vulnerability?
The following actions completely eliminate the threat:
- Download new firmware for your given device
- If firmware is not yet available, log into your given device and turn OFF UPnP.
Affected TRENDnet products
Updated: 9/9/2013
Affected Products | Status | Recommended Action |
TDM-C500 | New Firmware Available | New firmware may not yet be available. TRENDnet is working to update and release new firmware to address the issues. For models with a firmware update available, click on the "New Firmware Available" link in the Status column to access the firmware download page for the listed model. Download the firmware file and follow the included instructions to upgrade your device firmware. Until a new firmware becomes available for the models listed "Pending" in the Status column, please follow the instructions below to turn off UPnP on your device. |
TDM-C504 | New Firmware Available | |
TEW-718BRM | New Firmware Available | |
TEW-639GR | New Firmware Available | |
TEW-654TR | New Firmware Available | |
TEW-658BRM | New Firmware Available | |
TEW-733GR | New Firmware Available | |
TEW-751DR | New Firmware Available | |
TEW-752DRU | New Firmware Available | |
TW100-S4W1CA V2 | New Firmware Available | |
TW100-BRF214 | New Firmware Available | |
TW100-BRV214 | Pending | |
TEW-655BR3G V1 | New Firmware Available | |
TEW-655BR3G V2 | Pending | |
TEW-716BRG | New Firmware Available |
My product was not listed
TRENDnet is systematically testing all of our products. The Affected Products table will be updated as new products are tested. If you have an older product which is listed on TRENDnet’s Website as End of Life (EOL)—new firmware for EOL products will not be released. For EOL products we recommend turning off UPnP. If your product is not EOL and not on the list above, for your protection, please turn off your device’s UPnP function. See instructions below.
Disabling Router UPnP Functionality
Step 1: Log into your router’s management interface -If you are unsure how to do this, please refer to your router’s User’s Guide
Step 2: Click the Management or Advanced tab (you may have to click on the Advanced Network Setting sub-tab)
Step 3: Disable UPnP
Step 4: Click Save or Apply
*** Please note that disabling UPnP might adversely affect features and capabilities of the device and/or supporting applications or devices connecting to these products.
Disabling IP Camera UPnP Functionality
Step 1: Log into your IP camera’s management interface -If you are unsure how to do this, please refer to your IP camera’s User’s Guide
Step 2: Click on the Setup, Administration, or Configuration tab
Step 3: Click on the Network sub-tab (this tab may be under the Configuration tab)
Step 4: Disable UPnP
Step 5: Click Save or Apply
*** Please note that disabling UPnP might adversely affect features and capabilities of the device and/or supporting applications or devices connecting to these products.