
277,000 routers exposed to Eternal Silence attacks via UPnP
2022-01-31 15:40

UPnP is a connectivity protocol optionally available in most modern routers that allows other devices on a network to create port forwarding rules on a router automatically.

It is yet another technology that trades convenience for security, especially when the UPnP implementation is potentially vulnerable to attacks allowing remote actors to add UPnP port-forwarding entries via a device's exposed WAN connection.

Akamai is unsure about the success rate of this campaign, but observed a systematic approach to the scans, targeting devices that utilize static ports and paths for their UPnP daemons to inject port forwards.

"Because there is a decent possibility that machines unaffected by the first round of EternalBlue and EternalRed attacks were safe only because they weren't exposed directly to the internet. They were in a relatively safe harbor living behind the NAT," explains Akamai's report.

There are many ways to do this, but Akamai has conveniently provided a bash script, which can be run against a potentially vulnerable URL. If you've located a device compromised with Eternal Silence, disabling UPnP won't clear the existing NAT injections.

Applying the latest firmware update should be a priority as the device vendor may have addressed any UPnP implementation flaws via a security update.
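Because injected forwards survive disabling UPnP, the router's port-mapping table itself has to be reviewed. The following is an added example, not Akamai's script and not part of the original article: it parses the SOAP responses a router returns to `GetGenericPortMappingEntry` and flags enabled forwards to SMB ports. The choice of ports 139/445, the function names and all sample responses are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

SMB_PORTS = {139, 445}  # assumption: NetBIOS session and SMB, the EternalBlue/EternalRed targets
ENVELOPE = '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>{}</s:Body></s:Envelope>'

def sample_entry(ext_port, proto, client, int_port, desc):
    """Build one constructed GetGenericPortMappingEntryResponse."""
    return ENVELOPE.format(
        '<u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
        f'<NewRemoteHost/><NewExternalPort>{ext_port}</NewExternalPort><NewProtocol>{proto}</NewProtocol>'
        f'<NewInternalPort>{int_port}</NewInternalPort><NewInternalClient>{client}</NewInternalClient>'
        f'<NewEnabled>1</NewEnabled><NewPortMappingDescription>{desc}</NewPortMappingDescription>'
        '<NewLeaseDuration>0</NewLeaseDuration></u:GetGenericPortMappingEntryResponse>')

# UPnP error 713 (SpecifiedArrayIndexInvalid) marks the end of the mapping table.
END_OF_TABLE = ENVELOPE.format(
    '<s:Fault><faultstring>UPnPError</faultstring><detail><UPnPError xmlns="urn:schemas-upnp-org:control-1-0">'
    '<errorCode>713</errorCode></UPnPError></detail></s:Fault>')

# Constructed responses for table indexes 0..3; every value is invented.
SAMPLE_RESPONSES = [
    sample_entry(3074, "UDP", "192.168.1.50", 3074, "console"),
    sample_entry(28445, "TCP", "192.168.1.20", 445, "unknown-a"),
    sample_entry(28139, "TCP", "192.168.1.21", 139, "unknown-b"),
    END_OF_TABLE]

def parse_entry(xml_text):
    """Return one mapping as a dict, or None when the router reports end of table."""
    fields = {el.tag.rsplit("}", 1)[-1]: (el.text or "") for el in ET.fromstring(xml_text).iter()}
    if "Fault" in fields:
        if fields.get("errorCode") != "713":
            raise ValueError(f"unexpected UPnP fault {fields.get('errorCode')!r}")
        return None
    return {"external_port": int(fields["NewExternalPort"]), "protocol": fields["NewProtocol"],
            "internal_client": fields["NewInternalClient"], "internal_port": int(fields["NewInternalPort"]),
            "enabled": fields["NewEnabled"] == "1", "description": fields["NewPortMappingDescription"]}

def audit(responses):
    """Walk the table in index order; return enabled mappings that forward to SMB ports."""
    findings = []
    for xml_text in responses:
        mapping = parse_entry(xml_text)
        if mapping is None:  # end of table reached
            break
        if mapping["enabled"] and mapping["internal_port"] in SMB_PORTS:
            findings.append(mapping)
    return findings

if __name__ == "__main__":
    for m in audit(SAMPLE_RESPONSES):
        print(f"REVIEW {m['protocol']} WAN:{m['external_port']} -> {m['internal_client']}:{m['internal_port']}")
```

Any flagged mapping that no device on the LAN legitimately requested should be removed from the router, since disabling UPnP alone leaves it in place.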


News URL

https://www.bleepingcomputer.com/news/security/277-000-routers-exposed-to-eternal-silence-attacks-via-upnp/