Vulnerability Discovered in Edge Routers and AirCube’s miniupnpd

Recent reports indicate a vulnerability in the MiniUPnPd service on AirCube and Edge routers. The vulnerability can lead to an internal heap overflow, which can in turn allow arbitrary code execution. MiniUPnPd is a small daemon that implements the UPnP and NAT-PMP protocols for a device, allowing port redirection to any client on the network.

The vulnerability specifically exists in /etc/init.d/upnpd, which exposes a dynamic TCP port to LAN clients. This allows threat actors to trigger a heap overflow, resulting in the execution of arbitrary code. The CVSS score and vector for this vulnerability are yet to be confirmed.

To understand the vulnerability in more detail, it’s important to explore the configuration of NAT entries within the MiniUPnPd service. The service utilizes a function called Internet Gateway Daemon, which handles NAT entries using iptables or nftables in Linux. In the case of iptables, the function get_port_mappings_in_range is used to retrieve the external NAT entries and ports.

The default allocation of array memory for these port entries is set to 128 ports since the exact number of entries is not known in advance. However, if the number of entries exceeds this limit, the reallocation of memory is not properly updated, leading to a heap overflow.
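The growth step described above, as an added example in C that is not miniupnpd's source or code from the advisory. It assumes the flaw is that the allocation stays at its old size once more than 128 entries arrive; all names (port_list, port_list_append, flawed_oob_writes, collect_constructed) are hypothetical, and the flawed path is modelled with counters only so nothing is written out of bounds.

```c
#include <stdint.h>
#include <stdlib.h>
#define INITIAL_CAPACITY 128u /* default array size given in the article */

/* Hypothetical growable port list; not miniupnpd's own structure. */
struct port_list { unsigned short *ports; size_t count, capacity; };

/* Hardened append: allocation and recorded capacity grow together. */
int port_list_append(struct port_list *pl, unsigned short port)
{
    if (pl->count >= pl->capacity) {
        size_t new_cap = pl->capacity ? pl->capacity * 2 : INITIAL_CAPACITY;
        if (new_cap <= pl->capacity || new_cap > SIZE_MAX / sizeof *pl->ports)
            return -1;            /* size arithmetic would wrap */
        unsigned short *tmp = realloc(pl->ports, new_cap * sizeof *pl->ports);
        if (tmp == NULL)
            return -1;            /* old buffer stays valid; nothing written */
        pl->ports = tmp;
        pl->capacity = new_cap;   /* recorded only after realloc succeeded */
    }
    pl->ports[pl->count++] = port;
    return 0;
}

/* Flawed pattern, modelled with counters only (no memory is written): the
 * grow step leaves the allocation at its old size. Returns out-of-bounds stores. */
size_t flawed_oob_writes(size_t n)
{
    size_t allocated = INITIAL_CAPACITY, oob = 0;
    for (size_t i = 0; i < n; i++) {
        if (i >= allocated)
            allocated = INITIAL_CAPACITY; /* "realloc" to the same size */
        if (i >= allocated)
            oob++;                        /* this store would pass the end */
    }
    return oob;
}

/* Store n constructed port numbers via the hardened path; returns count stored. */
size_t collect_constructed(size_t n, size_t *final_capacity)
{
    struct port_list pl = {0};
    for (size_t i = 0; i < n; i++)
        if (port_list_append(&pl, (unsigned short)(1024 + i)) != 0)
            break;
    size_t stored = pl.count;
    *final_capacity = pl.capacity;
    free(pl.ports);
    return stored;
}
```

With 300 constructed entries, the modelled flaw produces 172 stores past the 128-entry buffer, while the hardened path ends with room for 512 entries and stores all 300.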

Security Solution Department (SSD) has published detailed information about this vulnerability, providing more insight into its potential impact. According to their findings, the vulnerability affects UPnP-enabled EdgeRouters running 2.0.9-hotfix.6 and earlier, as well as UPnP-enabled Aircubes running 2.8.8 and earlier.

To address the vulnerability, a security advisory has been released, outlining the necessary steps to mitigate the risk. Users of affected EdgeRouters are advised to update their devices to version 2.0.9-hotfix.7 or later. Similarly, users of affected Aircubes should update to version 2.8.9 or later. These updates contain the necessary fixes to address the vulnerability and prevent potential exploitation by threat actors.

It is crucial for users of these products to follow the recommended measures and update their devices promptly. By doing so, they can ensure the security of their network and prevent any unauthorized access or code execution.

In conclusion, the vulnerability in the MiniUPnPd service on AirCube and Edge routers poses a serious risk. By exploiting an internal heap overflow, threat actors can execute arbitrary code, potentially compromising the network. To address this vulnerability, users should update their devices to the recommended versions provided by the manufacturer. By staying proactive and taking the necessary security measures, users can protect their networks from potential threats.
