Vulnerabilities for UnPnP

A researcher has uncovered a new security vulnerability affecting many devices running the Universal Plug and Play (UPnP) protocol.

Named CallStranger by discoverer Yunus Çadırcı, a potentially large number of devices with UPnP (Universal Plug and Play) enabled, which includes home routers, modems, smart TVs, printers, cameras, and media gateways, have a vulnerability. It’s also been enabled on a lot of what might loosely be called Internet of Things (IoT) products, as well as major operating systems such as Windows 10, and even the Xbox games console.

A list of known and suspected vulnerable devices is available on the CallStranger publicity website, but it would be wise not to assume this is definitive (a script is available to poll the network for vulnerable devices).

The one UPnP stack that isn’t affected is MiniUPnP, which is used in a sizable chunk of home routers. The problem is it’s not easy to tell which devices use this and which don’t.

Use Ship n Destroy

If you find vulnerabilities in your hardware, or need to upgrade, let us safely and securely destroy your hard drives, smart devices and desktops with our simple Ship n Destroy process. Learn more at https://shipndestroy.com