Cookies
Naše webové stránky používají soubory cookies.
Při použití těchto webových stránek dáváte svůj souhlas s nastavením cookies na vašem počítači.Více informací
Souhlasím

UPnP

UPnP 

Universal Plug and Play (UPnP) is a set of networking protocols that permits networked devices, such as personal computers, printers, Internet gateways, Wi-Fi access points and mobile devices to seamlessly discover each other's presence on the network and establish functional network services for data sharing, communications, and entertainment.

January 30, 2013 UPDATE:

At the current time D-Link deploys firmware that has UPnP feature support on our devices. The UPnP features are enabled by software developer kits - Intel, Portable, and MiniUPnP.

Recently, it has been discovered that the following UPnP versions may have a security vulnerability that could cause devices to become unstable, impair functionality, or disclose the services the devices offers (i.e. network camera feed):

  • All Versions of Intel SDK
  • Version of Portable SDK prior to V. 1.6.18
  • Version of MiniUPnP SDK prior to V. 1.1

Security and performance is of the utmost importance to D-Link across all product lines, including networking, surveillance, storage and entertainment solutions.

D-Link is currently assessing the recent findings surrounding UPnP technology and whether any D-Link products are susceptible to vulnerabilities. If any action is needed, D-Link will provide information on this page.

We are currently updating our Vendor responses at US-CERT (US Computer Emergency Readiness Team) for the support CVEs (Common Vulnerabilities and Exposures).

We also discourage the use of industry-available tools available to the public because of the number of false-negatives and false-positives. This potential vulnerability is complex and requires deeper inspection and replacement of the recommend SDK stated in the CVEs.

Below is a list of D-Link products that are potentially vulnerable. If your product is not listed below, it is secure and not affected; no further action is required.

Active Affected SKUs Status Note
 DIR-626L

May 20, 2013

New firmware v1.03 available

D-Link will release an updated firmware that will close this potential vulnerability.

We will provide the release schedule as it becomes available.

For users concerned about this vulnerability there is an immediate option to disable the UPnP feature in the device by following the steps noted below.
 DIR-636L

May 20, 2013

New firmware v1.04 available

 DIR-826L

May 20, 2013

New firmware v1.04 available

 DCS-2130

May 30, 2013

New firmware v1.20 available

 DCS-2210

June 3, 2013

New firmware v1.20 available

 DCS-2230

June 3, 2013

New firmware v1.20 available

 DCS-3710 H/W ver. B1

May 30, 2013

New firmware v2.10 available

 DCS-6511

May 30, 2013

New firmware v1.12 available

 

Current Solution for Affected Products by Disabling UPnP

  1. Log into the device’s web configuration.

    For routers, the default browser URL address is as below:
    http://dlinkrouter.local or http://192.168.0.1

    For IP/network cameras, access the camera via its IP address. If you are unsure about this, please download, unzip and install the D-Link Network Camera Setup Wizard from ftp://ftp.dlink.eu/Products/dcs/@general/DCS_Setup-Wizard-SE.zip, which will automatically discover the camera on your network.

  2. Click on the Advanced tab at the top and then click on Advanced Network on the left-hand side.

  3. Under the UPnP Settings section, uncheck the disabled UPnP buttons to disable UPnP on the device

  4. Click Save Settings at the top to apply the settings.

Please note that disabling UPnP might adversely affect features and capabilities of the device and/or supporting applications or devices connecting to these products.