50 million network devices vulnerable to UPnP attacks


Over this week Rapid7 published a new report that list a result for scanning IP-addresses for routers and other Internet-connected devices with the UPnP interface enabled.

UPnP (Universal Plug and Play) – a set of network protocols on open standards, the universal automatic configuration of network devices. For example, to an ordinary user can easily pick up a home network. Simply connect the device to the network, and it immediately starts to work.

But convenience comes at a price. Scans showed that 2.2% of all IP-addresses on Internet, that is 81 million units, respond to discovery requests UPnP. Of these, 40 to 50 million are vulnerable to at least one of the three known attacks on UPnP. For example, one in five of the system allows SOAP API to everyone through the Internet, so that attackers can log in to firewall.

About 23 million fingerprints match a version of libupnp that exposes the system to remote code execution. With one UDP-packet it is possible to exploit any of the eight newly discovered vulnerabilities in libupnp. An attacker is able to remotely execute code, steal passwords and files, install malicious software on the computer and so on.

The report Rapid7 (pdf) lists each vulnerability devices with UPnP, and provides guidance to ISPs and users. Mentioned that the vulnerability affects about 6900 models of devices from more than 1,500 manufacturers.

To check your local network for vulnerable devices, you can run free scanner ScanNow for Universal Plug and Play (UPnP). Scanner for Windows and requires Java.


ScanNow screenshot (click to enlarge)

Make sure to scan your network with ScanNow to check whether your network-enabled devices are vulnerable or not.