Introduction

There are a lot of devices which I think are vulnerable, but which I haven't checked first hand. Of the devices listed below I have checked either the downloadable sources (if the device is Linux based and the company does not violate the GPL), or poked around in freely downloadable firmware images.

DISCLAIMER: if a device is listed here, it does not necessarily mean that the device is vulnerable, just that I have a good reason to suspect that the device is vulnerable.

Suspected Devices

Suspect devices, ordered by manufacturer.

Canyon

DeviceVersionfirmware revisioninternal forwardingexternal forwardingcodeexecution
CN-WF512 1.83yesyesyes
CN-WF514 2.08yesyesyes

Both Canyon devices are based on Edimax' EdiLinux distribution (in fact, both are probably the same as the Edimax 6114Wg) and suffer from the same problems as all other EdiLinux based devices, namely the vulnerabilities in the Linux IGD stack . These conclusions are based on analysis of the source code from the Canyon website.

Sitecom

DeviceVersionfirmware revisioninternal forwardingexternal forwardingcode execution
WL-111 ?yesyesno

The Sitecom WL-111 is based on the Broadcom Linux distribution. Conclusions based on research of the sourcecode from the Sitecom website.

ZyXEL

DeviceVersionfirmware revisioninternal forwardingexternal forwardingcode execution
P-330W ?yesyesno

The ZyXEL P-330W uses the Pseudo ICS UPnP software and is vulnerable for the external forwarding bug. These conclusions are based on analysis of the sourcecode from the ZyXEL website.

Sweex

DeviceVersionfirmware revisioninternal forwardingexternal forwardingcode execution
LB000021 3.15yesyesyes

This device is simply a repackaged Edimax BR-6104K. Conclusions are based on the name of the file containing the firmware and the sourcecode from the Sweex website.

© 2006-2011, Armijn Hemel/upnp-hacks.org