Hi !


UPnP networking flaw puts millions of PCs at risk

Security researchers say that the danger stems from widely used technology found in routers and other standard networking equipment.

Common bugs in networking systems are placing PCs, printers and storage devices at risk, according to security researchers.

According to the security team at Rapid7, technology used worldwide in both routers and standard networking equipment is making it possible for hackers to potentially infiltrate approximately 40 million to 50 million devices worldwide.
The vulnerability lies in the standard known as Universal Plug and Play (UPnP). This standard set of networking protocols allows devices such as PCs, printers and Wi-Fi access points to communicate and discover each other's presence. After discovery, devices can be connected through a network in order to share files, printing capability and the Internet.


In a white paper released today, researchers from the security software maker say that while UPnP might make network setup cheaper and more efficient, it harbors a severe security risk.

The paper focuses on programming flaws in common UPnP discovery protocol (SSDP) implementations which can be exploited to crash the service and execute arbitrary code, the exposure of the UPnP control interface (SOAP) on private networks, and programming flaws in both UPnP HTTP and SOAP overall.

read more: UPnP networking flaw puts millions of PCs at risk | Security & Privacy - CNET News

full story: https://community.rapid7.com/communi...plug-dont-play

whitepaper: https://community.rapid7.com/docs/DOC-2150