Fixed a critical vulnerability issue related to UPnP

[tplink]

Model : TD-W8960N

Hardware Version : V4

Following the release this week of a research paper from security firm
Rapid7 describing vulnerabilities in the widely used Intel/Portable UPnP SDK and MiniUPnP SDK stacks, security researchers from DefenseCode announced that they identified a critical vulnerability in a separate UPnP stack developed by Broadcom and used in devices with Broadcom chipsets, including one device from TP-LINK, the TD-W8960N.
http://www.defensecode.com/public/De...y_Advisory.pdf
Being aware of the urgency of this issue, our R&D solved it immediately and released a beta Firmware for the customers who are worried about this problem to download.

You can find this beta Firmware here:
http://www.tp-link.com/en/support/do...rsion=V4#tbl_j
At the end of February, we will release the official FW, solving the UPnP Vulnerability of TD-W8960N.

[Herman]

Nice ！

[mercutio]

looks like i was hit by this vulnerability and no firmware upgrade available.

my password was changed, but internet still worked, had to reset back to factory defaults and reupload my config.

dunno how long before get hit again.

upnp service is disabled but still running!