Security News > 2020 > June > Billions of devices affected by UPnP vulnerability
Stop us if you've heard this before but a researcher has uncovered a new security vulnerability affecting many devices running the Universal Plug and Play protocol.
An attacker able to exploit this flaw could use it to co-opt vulnerable devices for DDoS attacks, bypass data loss prevention security to sneak data out of networks, and possibly carry out port scanning to probe for exposed UPnP devices.
If their internet facing devices have UPnP endpoints, their devices may be used for DDoS source.
Billions of UPnP devices will still need to be patched.
That's why it's important to mitigate the problem by at least turning UPnP off if it's not being used, something Naked Security has recommended after previous UPnP scares.
News URL
https://nakedsecurity.sophos.com/2020/06/10/billions-of-devices-affected-by-upnp-vulnerability/