• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

French Authorities confirm XSS.is admin arrested in Ukraine

 | 

Microsoft linked attacks on SharePoint flaws to China-nexus actors

 | 

Cisco confirms active exploitation of ISE and ISE-PIC flaws

 | 

SharePoint under fire: new ToolShell attacks target enterprises

 | 

CrushFTP zero-day actively exploited at least since July 18

 | 

Hardcoded credentials found in HPE Aruba Instant On Wi-Fi devices

 | 

MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict

 | 

U.S. CISA urges to immediately patch Microsoft SharePoint flaw adding it to its Known Exploited Vulnerabilities catalog

 | 

Microsoft issues emergency patches for SharePoint zero-days exploited in "ToolShell" attacks

 | 

SharePoint zero-day CVE-2025-53770 actively exploited in the wild

 | 

Singapore warns China-linked group UNC3886 targets its critical infrastructure

 | 

U.S. CISA adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 54

 | 

Security Affairs newsletter Round 533 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Radiology Associates of Richmond data breach impacts 1.4 million people

 | 

Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release

 | 

Authorities released free decryptor for Phobos and 8base ransomware

 | 

Anne Arundel Dermatology data breach impacts 1.9 million people

 | 

LameHug: first AI-Powered malware linked to Russia’s APT28

 | 

5 Features Every AI-Powered SOC Platform Needs in 2025

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Hacking
  • Security
  • Security flaws in Universal Plug and Play expose million devices

Security flaws in Universal Plug and Play expose million devices

Pierluigi Paganini January 30, 2013

Rapid7 security firm has published an interesting whitepaper entitled “Security Flaws in Universal Plug and Play” in which reports the result of a research conducted in the second half of 2012 that evaluated the global exposure of UPnP-enabled network devices.

Security world has become accustomed to so surprising data, over 80 million unique IPs were identified that responded to UPnP discovery requests from the internet.

Rapid7Stats

The researchers have experimented three attacks discovering more than 40 million IPs are vulnerable at least one of them, the surprising result is justified by the fact that two most commonly used UPnP software libraries are affected by vulnerabilities that are remotely exploitable.

The UPnP protocol suffers from a number of basic security problems, many of which have been highlighted over the last twelve years. Authentication is rarely implemented by device manufacturers, privileged capabilities are often exposed to untrusted networks, and common programming flaws plague common UPnP software implementations. These issues are endemic across UPnP-enabled applications and network devices

The reports highlighted that over 23 million IPs related to Portable UPnP SDK are vulnerable to remote code execution just through a single UDP packet. The result proposed an alarming scenario, over 6,900 product versions from over 1,500 vendors are vulnerable through UPnP due to the exposure of UPnP SOAP service to the internet.

The risk is an attacker could “execute arbitrary code on the device or cause a denial of service,”, it could install malware on victim’s computer.

A remote, unauthenticated attacker may be able to execute arbitrary code on the device or cause a denial of service.

The good news is that vulnerabilities Rapid7 identified in the Portable UPnP SDK have been fixed as of version 1.6.18 0released today, but the bad news is that probably device vendors will spend too much time to patch their product exposing users to serious risks.

Rapid7’s post was skeptical on patch management process, following an exhaustive statement:

“The flaws identified in the MiniUPnP software were fixed over two years ago, yet over 330 products are still using older versions. For the reasons outlined above, we strongly suggest that end users, companies, and ISPs take immediate action to identify and disable any internet-exposed UPnP endpoints in their environments.”

The figure related the penetration level of the menace is impressive, UPnP is enabled by default on many network appliances such as home gateways, network printers, and devices ranging from IP cameras to network storage servers.

Rapid7 has also provided a free vulnerability scanner, ScanNow UPnP, that can identify exposed UPnP endpoints in your network and flag which of those may remotely. Actually, the tools are available for Microsoft platforms, users of Mac OS X and Linux can test they UPnP endpoints using Metasploit (module UPnP SSDP M-SEARCH Information Discovery).

Rapid7 suggested the immediate actions mitigate the risks related to the vulnerability:

  • Internet Service Providers should review any equipment that they are providing to subscribers to verify that UPnP is not exposed on the WAN interface.
  • Companies should verify that all external-facing devices do not expose UPnP to the internet. Rapid7 provides ScanNow UPnP as well as Metasploit modules that can detect vulnerable UPnP services.

The U.S. Department of Homeland Security has immediately raised an alert on the serious threat to networking devices, it warns users to update their software or disable UPnP. It then warns to “disable UPnP applying a restriction to networking protocols and ports, including Simple Service Discovery Protocol (SSDP) and Simple Object Access Protocol (SOPA) services from untrusted networks such as the Internet.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – UPnP, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]


facebook linkedin twitter

DHS network devices patch management Rapid7 security Universal Plug and Play vulnerability

you might also like

Pierluigi Paganini July 23, 2025
Microsoft linked attacks on SharePoint flaws to China-nexus actors
Read more
Pierluigi Paganini July 22, 2025
Cisco confirms active exploitation of ISE and ISE-PIC flaws
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    French Authorities confirm XSS.is admin arrested in Ukraine

    Cyber Crime / July 23, 2025

    Microsoft linked attacks on SharePoint flaws to China-nexus actors

    APT / July 23, 2025

    Cisco confirms active exploitation of ISE and ISE-PIC flaws

    Hacking / July 22, 2025

    SharePoint under fire: new ToolShell attacks target enterprises

    Hacking / July 22, 2025

    CrushFTP zero-day actively exploited at least since July 18

    Hacking / July 22, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT