TR-11 - Security Flaws in Universal Plug and Play (UPnP) - Disable UPnP


  1. Overview
  2. Recommendation
  3. References
  4. Classification Of This Document


Overview

UPnP (Universal Plug and Play) is a network protocol that allows network services to be discovered and that can also (re)configure network equipment so that network devices work together seamlessly. When turned on, the protocol is accessible on UDP port 1900. This port must not be accessible from the Internet (unless one has good reason to do so). According to research by Rapid7 [1], the service is widely turned on on Internet-facing devices and is therefore accessible from the Internet. Mostly home Internet routers are affected.

Recommendation

CIRCL follows the recommendation of Rapid7 and CERT/CC, who say that turning off UPnP or blocking access to UPnP from the Internet is currently the only way to protect oneself unless the vendors release software/firmware upgrades.
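
One way to confirm that the recommendation has taken effect on a device you administer, as an added example that is not part of the CIRCL report: the Python code below sends a single SSDP discovery request (the UPnP discovery message carried on UDP port 1900) to one host and reports whether it answers. The function names and the sample reply are constructed for illustration.

```python
import socket

SSDP_PORT = 1900  # UDP port named in the advisory

def build_msearch(host: str, port: int = SSDP_PORT) -> bytes:
    """Unicast SSDP discovery request (M-SEARCH) for any UPnP root device."""
    return ("M-SEARCH * HTTP/1.1\r\n"
            f"HOST: {host}:{port}\r\n"
            'MAN: "ssdp:discover"\r\n'
            "MX: 1\r\n"
            "ST: upnp:rootdevice\r\n\r\n").encode("ascii")

def parse_ssdp_response(data: bytes) -> dict:
    """Return the status line and headers (upper-cased names) of an SSDP reply."""
    lines = data.decode("latin-1").split("\r\n")
    headers = {"STATUS": lines[0].strip()}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip blank or malformed lines
            headers[name.strip().upper()] = value.strip()
    return headers

def probe(host: str, port: int = SSDP_PORT, timeout: float = 2.0):
    """Send one M-SEARCH to `host`; return the parsed reply, or None if silent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_msearch(host, port), (host, port))
            data, _ = s.recvfrom(4096)
        except OSError:  # timeout, ICMP unreachable, or filtered
            return None
    return parse_ssdp_response(data)

def verdict(reply) -> str:
    """Turn a probe result into a one-line finding."""
    if reply is None:
        return "no answer (UPnP off or filtered)"
    return "UPnP EXPOSED: " + reply.get("SERVER", "unknown server")

# Constructed sample reply (not captured from a real device).
SAMPLE = (b"HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=120\r\n"
          b"ST: upnp:rootdevice\r\nSERVER: ExampleOS/1.0 UPnP/1.0 ExampleSDK/1.0\r\n"
          b"LOCATION: http://192.0.2.1:49152/rootDesc.xml\r\n\r\n")

if __name__ == "__main__":
    import sys
    reply = probe(sys.argv[1]) if len(sys.argv) > 1 else parse_ssdp_response(SAMPLE)
    print(verdict(reply))
```

Run it from a host on the Internet side of your router with the router's public address as the argument. UDP datagrams can be lost, so repeat a silent result before relying on it.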

References

Classification Of This Document

TLP: WHITE information may be distributed without restriction, subject to copyright controls.