wklie Posted June 26, 2020 Share Posted June 26, 2020 On 6/19/2020 at 6:34 PM, Cebolla said: Case in point - what UPnP/DLNA streamer manufacturers have checked and (where required) updated their devices to comply with the recently updated OCF UPnP Device Architecture 2.0 specification, to avoid the CallStranger vulnerability? I need more time to look into the potential impact, if any, but If I'm not mistaken, typical streamers are not internet-facing in the context of the CallStranger. Our streamers cannot be accessed or controlled over the internet except via Spotify Connect. Peter Lie LUMIN Firmware Lead Link to comment
wklie Posted July 2, 2020 Share Posted July 2, 2020 I am in contact with our UPnP stack provider for this issue. Although this task shall remain on my To-Do list in the coming weeks or months, this post does not constitute a promise to address this issue. Cebolla 1 Peter Lie LUMIN Firmware Lead Link to comment
wklie Posted July 8, 2020 Share Posted July 8, 2020 On 6/19/2020 at 6:34 PM, Cebolla said: Case in point - what UPnP/DLNA streamer manufacturers have checked and (where required) updated their devices to comply with the recently updated OCF UPnP Device Architecture 2.0 specification, to avoid the CallStranger vulnerability? Lumin Firmware 13.1 fixes the UPnP CallStranger vulnerability. It is available for all 10 models of network music players and transports ever released by Lumin, including discontinued models. Thanks for the links. Cebolla 1 Peter Lie LUMIN Firmware Lead Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now