Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
UPnP is not a common protocol on enterprise networks. However, the UPnP devices that are present on a network are most likely vulnerable and potentially exposed to the internet.
This vulnerability is well known, and there are public tools that can scan for UPnP devices that are exposed to the internet.
A successful exploit can lead to a Distributed Denial of Service (DDoS) attack and discovery of other devices on your network.
Kill Chain
Risk Score
70
The Universal Plug and Play (UPnP) protocol is a zero configuration network protocol that enables devices to immediately discover and communicate with other devices on a local network. If a UPnP device is accessible from the internet, an attacker can take advantage of a vulnerability, also known as CallStranger, to send an HTTP SUBSCRIBE request with an external IP in the CALLBACK header of the request. The attacker can take advantage of this vulnerability to send large amounts of data from all connected devices and perform a Distributed Denial of Service (DDoS) attack. Open Connectivity Foundation (OCF), which has managed UPnP since 2016, published a fix for CallStranger on April 17, 2020. The update removes the ability to include a URL in the CALLBACK header that is outside the local network. However, it is the responsibility of the device maker to update affected products.
