April's top threat: Universal Plug and Play vulnerabilities

By
Follow google news

Attackers execute arbitrary code.

What is it? 

April's top threat: Universal Plug and Play vulnerabilities

Security vulnerabilities have been discovered in Universal Plug and Play (UPnP), which lets network-enabled devices communicate with each other.

How does it work?

The flaws in UPnP Simple Service Discovery Protocol (SSDP), UPnP HTTP and Simple Object Access Protocol (SOAP) can be exploited by attackers to crash the service and execute arbitrary code. The SOAP vulnerabilities also expose private networks to attacks and data leaks. In some cases, attackers can get past the firewall to launch an attack on connected machines.

Should I be worried?

New research has shed light on the endemic extent of the vulnerabilities. It shows that 40-50 million UPnP-enabled devices are exposed to the internet and vulnerable to attack via these flaws. The possibility is that you could be affected.

How can I prevent it? 

UPnP should be disabled from all external-facing and/or critical devices. Users are encouraged to scan their networks for vulnerable UPnP services.

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
printrapid7securityupnp

Sponsored Whitepapers

AI Readiness Starts Here: Build a Future-Proof, Value-Driven AI Strategy with Brennan
AI Readiness Starts Here: Build a Future-Proof, Value-Driven AI Strategy with Brennan
Build the Infrastructure for Your AI Revolution
Build the Infrastructure for Your AI Revolution
2026 Engineering Reality Report
2026 Engineering Reality Report
How Kraft Heinz Transformed Planning with AI & 5 M+ Data Sets
How Kraft Heinz Transformed Planning with AI & 5 M+ Data Sets
Defend Your Network from the Next Generation of AI Threats
Defend Your Network from the Next Generation of AI Threats

Events

Most Read Articles

Commercial spyware targeted Samsung Galaxy users for months

Commercial spyware targeted Samsung Galaxy users for months
Australia's AUKUS base to connect to subsea cables

Australia's AUKUS base to connect to subsea cables
Westpac factors post-quantum cryptography prep into "secure router" rollout

Westpac factors post-quantum cryptography prep into "secure router" rollout
Researcher trawls cybercrime sites, collects billions of stolen credentials

Researcher trawls cybercrime sites, collects billions of stolen credentials
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?