• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Europol shuts down Archetyp Market, longest-running dark web drug marketplace

 | 

Kelly Benefits data breach has impacted 550,000 people, and the situation continues to worsen as the investigation progresses

 | 

Cisco removed the backdoor account from its Unified Communications Manager

 | 

U.S. Sanctions Russia's Aeza Group for aiding crooks with bulletproof hosting

 | 

Qantas confirms customer data breach amid Scattered Spider attacks

 | 

CVE-2025-6554 is the fourth Chrome zero-day patched by Google in 2025

 | 

U.S. CISA adds TeleMessage TM SGNL flaws to its Known Exploited Vulnerabilities catalog

 | 

A sophisticated cyberattack hit the International Criminal Court

 | 

Esse Health data breach impacted 263,000 individuals

 | 

Europol dismantles €460M crypto scam targeting 5,000 victims worldwide

 | 

CISA and U.S. Agencies warn of ongoing Iranian cyber threats to critical infrastructure

 | 

U.S. CISA adds Citrix NetScaler flaw to its Known Exploited Vulnerabilities catalog

 | 

Canada bans Hikvision over national security concerns

 | 

Denmark moves to protect personal identity from deepfakes with new copyright law

 | 

Ahold Delhaize data breach affected over 2.2 Million individuals

 | 

Facebook wants access to your camera roll for AI photo edits

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 51

 | 

Security Affairs newsletter Round 530 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

The FBI warns that Scattered Spider is now targeting the airline sector

 | 

LapDogs: China-nexus hackers Hijack 1,000+ SOHO devices for espionage

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Hacking
  • Security
  • Security flaws in Universal Plug and Play expose million devices

Security flaws in Universal Plug and Play expose million devices

Pierluigi Paganini January 30, 2013

Rapid7 security firm has published an interesting whitepaper entitled “Security Flaws in Universal Plug and Play” in which reports the result of a research conducted in the second half of 2012 that evaluated the global exposure of UPnP-enabled network devices.

Security world has become accustomed to so surprising data, over 80 million unique IPs were identified that responded to UPnP discovery requests from the internet.

Rapid7Stats

The researchers have experimented three attacks discovering more than 40 million IPs are vulnerable at least one of them, the surprising result is justified by the fact that two most commonly used UPnP software libraries are affected by vulnerabilities that are remotely exploitable.

The UPnP protocol suffers from a number of basic security problems, many of which have been highlighted over the last twelve years. Authentication is rarely implemented by device manufacturers, privileged capabilities are often exposed to untrusted networks, and common programming flaws plague common UPnP software implementations. These issues are endemic across UPnP-enabled applications and network devices

The reports highlighted that over 23 million IPs related to Portable UPnP SDK are vulnerable to remote code execution just through a single UDP packet. The result proposed an alarming scenario, over 6,900 product versions from over 1,500 vendors are vulnerable through UPnP due to the exposure of UPnP SOAP service to the internet.

The risk is an attacker could “execute arbitrary code on the device or cause a denial of service,”, it could install malware on victim’s computer.

A remote, unauthenticated attacker may be able to execute arbitrary code on the device or cause a denial of service.

The good news is that vulnerabilities Rapid7 identified in the Portable UPnP SDK have been fixed as of version 1.6.18 0released today, but the bad news is that probably device vendors will spend too much time to patch their product exposing users to serious risks.

Rapid7’s post was skeptical on patch management process, following an exhaustive statement:

“The flaws identified in the MiniUPnP software were fixed over two years ago, yet over 330 products are still using older versions. For the reasons outlined above, we strongly suggest that end users, companies, and ISPs take immediate action to identify and disable any internet-exposed UPnP endpoints in their environments.”

The figure related the penetration level of the menace is impressive, UPnP is enabled by default on many network appliances such as home gateways, network printers, and devices ranging from IP cameras to network storage servers.

Rapid7 has also provided a free vulnerability scanner, ScanNow UPnP, that can identify exposed UPnP endpoints in your network and flag which of those may remotely. Actually, the tools are available for Microsoft platforms, users of Mac OS X and Linux can test they UPnP endpoints using Metasploit (module UPnP SSDP M-SEARCH Information Discovery).

Rapid7 suggested the immediate actions mitigate the risks related to the vulnerability:

  • Internet Service Providers should review any equipment that they are providing to subscribers to verify that UPnP is not exposed on the WAN interface.
  • Companies should verify that all external-facing devices do not expose UPnP to the internet. Rapid7 provides ScanNow UPnP as well as Metasploit modules that can detect vulnerable UPnP services.

The U.S. Department of Homeland Security has immediately raised an alert on the serious threat to networking devices, it warns users to update their software or disable UPnP. It then warns to “disable UPnP applying a restriction to networking protocols and ports, including Simple Service Discovery Protocol (SSDP) and Simple Object Access Protocol (SOPA) services from untrusted networks such as the Internet.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – UPnP, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]


facebook linkedin twitter

DHS network devices patch management Rapid7 security Universal Plug and Play vulnerability

you might also like

Pierluigi Paganini July 03, 2025
Europol shuts down Archetyp Market, longest-running dark web drug marketplace
Read more
Pierluigi Paganini July 02, 2025
Cisco removed the backdoor account from its Unified Communications Manager
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Europol shuts down Archetyp Market, longest-running dark web drug marketplace

    Cyber Crime / July 03, 2025

    Kelly Benefits data breach has impacted 550,000 people, and the situation continues to worsen as the investigation progresses

    Uncategorized / July 03, 2025

    Cisco removed the backdoor account from its Unified Communications Manager

    Security / July 02, 2025

    U.S. Sanctions Russia's Aeza Group for aiding crooks with bulletproof hosting

    Cyber Crime / July 02, 2025

    Qantas confirms customer data breach amid Scattered Spider attacks

    Cyber Crime / July 02, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT