Published:2015/01/26 Last Updated:2015/01/26
JVN#27142693
NP-BBRM vulnerable in UPnP functionality
Overview
NP-BBRM provided by I-O DATA DEVICE, INC. contains a vulnerability in the UPnP functionality.
Products Affected
- NP-BBRM router
Description
NP-BBRM provided by I-O DATA DEVICE, INC. is a LAN router. NP-BBRM contains a vulnerability in the UPnP functionality.
Impact
The device may be used in a DDoS attack, as a SSDP reflector.
Solution
Disable UPnP
Disable UPnP functionality from the management configuration in the settings screen.
Vendor Status
| Vendor | Link |
| I-O DATA DEVICE, INC. | Notice about the security vulnerability in NP-BBRM router |
References
-
@police
Alert regarding SSDP reflection attacks abusing UPnP-enabled network devices (PDF)
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2015-0869 |
| JVN iPedia |
JVNDB-2015-000009 |