Fixed a critical vulnerability issue related to UPnP
Model : TD-W8960N
Hardware Version : V4
Following the release this week of a research paper from security firm
Rapid7 describing vulnerabilities in the widely used Intel/Portable UPnP SDK and MiniUPnP SDK stacks, security researchers from DefenseCode announced that they identified a critical vulnerability in a separate UPnP stack developed by Broadcom and used in devices with Broadcom chipsets, including one device from TP-LINK, the TD-W8960N.
Being aware of the urgency of this issue, our R&D solved it immediately and released a beta Firmware for the customers who are worried about this problem to download.
You can find this beta Firmware here:
At the end of February, we will release the official FW, solving the UPnP Vulnerability of TD-W8960N.
looks like i was hit by this vulnerability and no firmware upgrade available.
my password was changed, but internet still worked, had to reset back to factory defaults and reupload my config.
dunno how long before get hit again.
upnp service is disabled but still running!