FRITZ! news - FRITZ!Box not affected by UPnP breach
FRITZ!Box not affected by UPnP breach
Current media reports tell of a vulnerability in a UPnP library, with routers most at risk. The good news for anyone using a FRITZ!Box is that they’re not standing in harm’s way! Not a single FRITZ!Box model is affected by the reported vulnerability because the library behind it all, libupnp, has never been used with our routers. What’s more, the FRITZ!Box firewall is always activated, and cannot be switched off. Home network protocols such as UPnP are generally not accessible from the Internet.
The technical background
US-CERT, the United States Computer Readiness Emergency Team, ascertained the vulnerability in libupnp, a library used for UPnP. Three of the UPnP features controlled via the libupnp library are not free from buffer overflows. As this library isn’t used with the FRITZ!Box, your home network is protected from unauthorized access.