Universal Plug and Pray

From the files of things that really shouldn’t surprise us: Rapid 7 released a white paper today on its research of the global exposure of Universal Plug and Play (UPnP) enabled network devices.

Rapid 7, Security Flaws in Universal Plug and Play

The results are impressive.

“Over 80 million unique IPs were identified that responded to UPnP discovery requests from the internet. Somewhere between 40 and 50 million IPs are vulnerable to at least one of three attacks […]. The two most commonly used UPnP software libraries both contained remotely exploitable vulnerabilities.”

If you’re a network administrator, be sure to check it out. Rapid 7 is offering a tool called ScanNow UPnP (which requires Java RE) that can identify exposed UPnP endpoints in your network.

On 29/01/13 At 02:57 PM

Read more: Universal Plug and Pray

Story added 30. January 2013, content source with full text you can find at link above.