1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: Broadcom UPnP SetConnectionType Attack

Attack: Broadcom UPnP SetConnectionType Attack

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detect the attempts to execute arbitrary code with root privileges on routers with Broadcom UPnP feature enabled.

Additional Information

Broadcom UPnP is a UPnP (Universal Plug and Play) protocol implementation developed by Broadcom and often used on routers shipped with Broadcom chipset.

Broadcom UPnP is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input. Specifically, this issue affects the 'SetConnectionType()' function of the 'wanipc' and 'wanppp' modules of the Broadcom UPnP stack. Successful exploit may allow attackers to write arbitrary values to memory address or read router memory.

An attacker can exploit this issue to execute arbitrary code with root privileges. Failed exploit attempts will likely result in a denial-of-service condition.

Affected

  • Routers with Broadcom UPnP feature enabled.

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube