UPnP security flaw exposes 23 Million IPs through a single UDP packet

A recent research of security team at Rapid7, found that millions of PCs, printers and storage devices around the world are put at risk due to a flaw in the UPnP protocol.

The problem lies in routers and other networking equipment that use the commonly employed standard Universal Plug and Play (UPnP). UPnP makes it easy for networks to identify and communicate with equipment, reducing the amount of work it takes to set up networks.

According to the researchers, the two most commonly used UPnP software libraries both contained remotely exploitable vulnerabilities. In the case of the Portable UPnP SDK, over 23 million IPs are vulnerable to remote code execution through a single UDP packet. The flaws identified in the MiniUPnP software were fixed over two years ago, yet over 330 products are still using older versions.

In a white paper released today, researchers from the security software maker say that while UPnP might make network setup cheaper and more efficient, it provides a severe security risk.

"This definitely falls into the scary category," said Wysopal, who reviewed Rapid7's findings ahead of their publication. "There is going to be a lot more research on this. And the follow-on research could be a lot scarier."

Read more -here-

• Apple's new accessibility features let you control an iPhone or iPad with your eyes
• Comcast unveils streaming bundle that includes Apple TV+, Peacock and Netflix
• John Deere says solar storm compromised GPS tracking on tractors
• Dell confirms database hacked - hacker says 49 million customers hit
• Google releases emergency fix for new Chrome zero-day flaw
• Disney+, Hulu and Max team up for streaming bundle package