UPnP security flaw exposes 23 Million IPs through a single UDP packet

A recent research of security team at Rapid7, found that millions of PCs, printers and storage devices around the world are put at risk due to a flaw in the UPnP protocol.

The problem lies in routers and other networking equipment that use the commonly employed standard Universal Plug and Play (UPnP). UPnP makes it easy for networks to identify and communicate with equipment, reducing the amount of work it takes to set up networks.

According to the researchers, the two most commonly used UPnP software libraries both contained remotely exploitable vulnerabilities. In the case of the Portable UPnP SDK, over 23 million IPs are vulnerable to remote code execution through a single UDP packet. The flaws identified in the MiniUPnP software were fixed over two years ago, yet over 330 products are still using older versions.

In a white paper released today, researchers from the security software maker say that while UPnP might make network setup cheaper and more efficient, it provides a severe security risk.

"This definitely falls into the scary category," said Wysopal, who reviewed Rapid7's findings ahead of their publication. "There is going to be a lot more research on this. And the follow-on research could be a lot scarier."

Read more -here-

• Xbox consoles, controllers, and games are getting more expensive
• Waymo partners with Toyota to bring robotaxis to everyone
• Meta launches standalone AI app rivaling OpenAI's ChatGPT
• US FCC to review spectrum sharing rules to boost space-based telecom
• Google is dropping support for its oldest Nest Learning Thermostats
• Razer has a vertical mouse now