A report by security company Rapid7 on Tuesday brought attention to a set of vulnerabilities in UPnP that puts millions of users at risk. According to the research paper, more than 80 million unique IP addresses “were identified that responded to UPnP discovery requests from the Internet”, and at least half of those were vulnerable to at least one security vulnerability the researchers used to analyze the security of devices.
Attackers can take advantage of the vulnerabilities to execute code remotely on vulnerable systems to steal passwords and files, place malware on the systems or take them over completely.
This paper quantifies the exposure of UPnP-enabled systems to the internet at large, classifies these systems by vendor, identifies specific products, and describes a number of new vulnerabilities that were identified in common UPnP implementations. Over 1,500 vendors and 6,900 products were identified that are vulnerable to least one of the security flaws outlined in this paper. Over 23 million systems were vulnerable to a single remote code execution flaw that was discovered during the course of this research.
The research paper contains an “immediate actions” page that recommends a set of actions for Internet Service Providers, Businesses and home users. Both Home users and businesses can run a scanner that the researchers have created to find out whether their local network is vulnerable or not.
A couple of options are available if a vulnerable endpoint is discovered. The first course of action would be to find out if an update is available. This is usually done by contacting the manufacturer of the device, e.g. router, or searching on the manufacturer’s website for updates. If there is no update, users may want to consider disabling UPnP on the device or replacing it if that is not possible at all.