277,000 routers exposed to Eternal Silence attacks via UPnP
UPnP is a connectivity protocol optionally available in most modern routers that allows other devices on a network to create port forwarding rules on a router automatically.
It is yet another technology that trades convenience for security, especially when the UPnP implementation is potentially vulnerable to attacks allowing remote actors to add UPnP port-forwarding entries via a device's exposed WAN connection.
Akamai is unsure about the success rate of this campaign, but observed a systematic approach to the scans, targeting devices that utilize static ports and paths for their UPnP daemons to inject port forwards.
"Because there is a decent possibility that machines unaffected by the first round of EternalBlue and EternalRed attacks were safe only because they weren't exposed directly to the internet. They were in a relatively safe harbor living behind the NAT," explains Akamai's report.
There are many ways to check a device for injected NAT entries, but Akamai has provided a bash script that can be run against a potentially vulnerable URL. If you've located a device compromised with Eternal Silence, disabling UPnP won't clear the existing NAT injections.
Applying the latest firmware update should be a priority as the device vendor may have addressed any UPnP implementation flaws via a security update.
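Checking a router for injected UPnP port forwards comes down to reading its port-mapping table entry by entry. The sketch below is an added example, not Akamai's script and not code from the original article: it parses the SOAP response a UPnP gateway returns for `GetGenericPortMappingEntry` and flags mappings for manual review. The flagging rules (SMB/NetBIOS ports 139 and 445, internal client outside the LAN range), the helper names and the sample responses are assumptions constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

RISKY_INTERNAL_PORTS = {139, 445}  # assumption: SMB/NetBIOS targets worth flagging
REQUIRED = {"NewExternalPort", "NewProtocol", "NewInternalPort", "NewInternalClient"}
OPTIONAL = {"NewRemoteHost", "NewEnabled", "NewPortMappingDescription"}

def parse_mapping(soap_xml):
    """Extract one entry from a GetGenericPortMappingEntryResponse body."""
    # Device responses are untrusted input; consider defusedxml outside a lab.
    entry = {}
    for el in ET.fromstring(soap_xml).iter():
        tag = el.tag.rsplit("}", 1)[-1]  # strip the XML namespace
        if tag in REQUIRED | OPTIONAL:
            entry[tag] = (el.text or "").strip()
    if REQUIRED - set(entry):
        raise ValueError(f"missing fields: {sorted(REQUIRED - set(entry))}")
    return entry

def audit(entry, lan_cidr):
    """Return the reasons, if any, that a mapping needs manual review."""
    lan, reasons = ipaddress.ip_network(lan_cidr), []
    try:
        if ipaddress.ip_address(entry["NewInternalClient"]) not in lan:
            reasons.append("internal client outside LAN")
    except ValueError:
        reasons.append("internal client is not an IP address")
    if not entry["NewInternalPort"].isdecimal():
        reasons.append("non-numeric internal port")
    elif int(entry["NewInternalPort"]) in RISKY_INTERNAL_PORTS:
        reasons.append("forwards to SMB/NetBIOS port")
    return reasons

def sample(ext_port, client, int_port):  # builds a constructed SOAP response
    return f"""<?xml version="1.0"?>
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>
<u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext_port}</NewExternalPort>
<NewProtocol>TCP</NewProtocol><NewInternalPort>{int_port}</NewInternalPort>
<NewInternalClient>{client}</NewInternalClient><NewEnabled>1</NewEnabled>
<NewPortMappingDescription>constructed-entry</NewPortMappingDescription>
</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"""

SAMPLES = [sample(51413, "192.168.1.20", 51413),  # constructed, not from a real device
           sample(28900, "192.168.1.10", 445),
           sample(8080, "203.0.113.7", 80)]

if __name__ == "__main__":
    for e in map(parse_mapping, SAMPLES):
        print(e["NewExternalPort"], "->", e["NewInternalClient"], e["NewInternalPort"], audit(e, "192.168.1.0/24"))
```

A flagged entry is a prompt to check who created the mapping, not proof of compromise; a legitimate forward to a file server would be flagged by the same rule.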