Incident Response, TDR, Vulnerability Management

Threat of the month: Universal Plug and Play vulnerabilities

What is it? 

Security vulnerabilities have been discovered in Universal Plug and Play (UPnP), which lets network-enabled devices communicate with each other.

How does it work?

The flaws in UPnP Simple Service Discovery Protocol (SSDP), UPnP HTTP and Simple Object Access Protocol (SOAP) can be exploited by attackers to crash the service and execute arbitrary code. The SOAP vulnerabilities also expose private networks to attacks and data leaks. In some cases, attackers can get past the firewall to launch an attack on connected machines.

Should I be worried?

New research has shed light on the endemic extent of the vulnerabilities. It shows that 40-50 million UPnP-enabled devices are exposed to the internet and vulnerable to attack via these flaws. The possibility is that you could be affected.

How can I prevent it? 

UPnP should be disabled from all external-facing and/or critical devices. Users are encouraged to scan their networks for vulnerable UPnP services.

HD Moore

HD is the Co-Founder and CEO of Rumble, Inc. Best known as the creator of Metasploit, HD has been building security companies since 1999 with a mix of services, research, and product development roles that focus on applying research to real-world security challenges. In addition to his work at Rumble, HD advises and invests in startups, contributes to open source projects, and continues to present new research at security conferences.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.