Universal Plug and Pray
From the files of things that really shouldn’t surprise us: Rapid 7 released a white paper today on its research of the global exposure of Universal Plug and Play (UPnP) enabled network devices.
“Over 80 million unique IPs were identified that responded to UPnP discovery requests from the internet. Somewhere between 40 and 50 million IPs are vulnerable to at least one of three attacks […]. The two most commonly used UPnP software libraries both contained remotely exploitable vulnerabilities.”
If you’re a network administrator, be sure to check it out. Rapid 7 is offering a tool called ScanNow UPnP (which requires Java RE) that can identify exposed UPnP endpoints in your network.
On 29/01/13 At 02:57 PM