List of products affected by the vulnerable Broadcom UPnP stack

Have you read the latest issue of our digital (IN)SECURE Magazine? If not, do it now.

Recently, DefenseCode researchers have uncovered a high-risk Broadcom UPnP stack remote root vulnerability.

The vulnerability is located within the wanipc and wanppp modules of the Broadcom UPnP stack, which is used by manufacturers that deliver routers based on the Broadcom chipset.

The remote preauth format string vulnerability in the Broadcom UPnP stack can be exploited to write arbitrary values to an arbitrary memory address, and also to remotely read router memory. When exploited, it allows an unauthenticated attacker to execute arbitrary code under the root account.

Here’s a partial list of affected vendors and their products:

Actiontec

  • GT784WN

ALBIS

  • Router VLR-4300-I

ASUSTek

  • WL-500gPV2
  • WL-520GU
  • WL700GE

BEC Technologies

  • BEC 7800TN R2

Belkin

  • F5D8232-4 v1000
  • N1 ADSL Router

Billion

  • BiPAC 7700N
  • BiPAC 7700N R2
  • BiPAC 7800VDOX
  • BiPAC 7800VDPX

BT

  • Voyager 2091
  • Voyager 220V
  • Voyager 2091
  • Voyager 2110
  • Voyager 220V
  • Voyager 2500V

Careca

  • HRDSL108W 108M Wireless ADSL2+ router

China Telecom

  • E8C(EPON) Gateway
  • Navigator 1-2 Gateway

Comtrend

  • AR-5383N
  • WAP-5850G

Corega

  • CG-BARMX2
  • CG-WLBARAGM

DARE

  • DareGlobal Home Gateway
  • Dare ADSL2+ Modem/Wireless Router
  • Digital Data Communications

    • FBR-1461
    • FBR-1461A

    D-Link

    • DSL-2500U
    • DSL-2542B
    • DSL-2640B
    • DSL-2640BT
    • DSL-2640U
    • DSL-2730B
    • DSL-2730U
    • DSL-2740B
    • DSL-2740U
    • DSL-2740EL
    • DSL-2750U
    • DSL-2741B
    • DSL-2750B
    • DSL-6740U
    • DVA-G3670B
    • DSL-2542B
    • DSL-526B

    Huaqin

    • HGU421

    Huawei

    • HG227
    • HG520

    LevelOne

    • FBR-1461B

    Linksys

    • MA568243
    • MA890673
    • WRT150N
    • WRT54G
    • WRT54GL
    • WRT54GS

    NB

    • DSL-2740B

    NetComm

    • NB6 ADSL2+ Router
    • NB6PLUS4W Wireless ADSL2+ Router
    • NB6W Wireless ADSL2+ Router

    Netgear

    • RP614v4

    Neuf Telecom

    • Trio4

    OPTICOM

    • DSLink 279

    PLANET

    • ADN-4000

    Planex

    • BLW-54CW

    Siemens

    • ADSL SL2-141
    • Gigaset SE515B
    • SL2-141-I

    Sinus

    • 1054 DSL

    Speedport

    • 500V

    TARGA WR 500 VoIP

    • TARGA WR 500 VoIP

    TELUS

    • VSG1432

    Tenda/Imex

    • W150D

    TP-LINK

    • TD-W8960N

    U.S. Robotics

    • USR8561

    UTstarcom

    • VSG1435-B101

    WIN

    • eNet660S

    ZTE Corporation

    • ZXDSL 931 Series Device
    • ZXDSL 531B

    ZyXEL

    • P-870H-51A V2 UPnP
    • P-870H-51b UPnP
    • P-870H-53A V2 UPnP
    • P-870HN-51b UPnP
    • P-870HN-51D UPnP
    • P-870HN-53b UPnP
    • P-870HNU-51b
    • VSG1435-B101
    • P-660HN-51
    • P-870HN-53b
    • P-873HNU-51B
    • P-873HNUP-51B
    • VMG1312-B30A
    • VSG1432-B101
    • VSG1435-B101
    • TR64