added January 14, 2008 at 03:37 pm
US-CERT is aware of an attack vector targeting networking devices that support UPnP (Universal Plug and Play). This specific attack occurs via a maliciously crafted SWF file that is contained in a web site. When the web site is visited, changes may occur to a router's configuration via UPnP. This may allow an attacker to change any parameter on the router or device that can be set by UPnP.
US-CERT recommends that users consider disabling UPnP. (Note: Disabling UPnP may cause applications that rely on UPnP to fail or operate with reduced functionality.)
US-CERT will provide more information as it becomes available.
資料來源 http://www.us-cert.gov/current/index.html#upnp_router_exploit
US-CERT is aware of an attack vector targeting networking devices that support UPnP (Universal Plug and Play). This specific attack occurs via a maliciously crafted SWF file that is contained in a web site. When the web site is visited, changes may occur to a router's configuration via UPnP. This may allow an attacker to change any parameter on the router or device that can be set by UPnP.
US-CERT recommends that users consider disabling UPnP. (Note: Disabling UPnP may cause applications that rely on UPnP to fail or operate with reduced functionality.)
US-CERT will provide more information as it becomes available.
資料來源 http://www.us-cert.gov/current/index.html#upnp_router_exploit
全站熱搜
留言列表
