Universal Plug And Play Flaw Opens Millions Of Devices To Attack

On Tuesday, security researchers announced that a common setting on home and office Internet routers may be easily breached.

Researchers at Rapid7, a security vendor, released an advisory and a white paper documenting how the Universal Plug and Play (UPnP) protocol could be compromised. The vulnerabilities affect Cisco’s Linksys division, Belkin, D-Link and Netgear brand routers, and 1,500 vendors and 6,900 different products.

“We never expected this much UPnP to be exposed on the Internet,” H.D. Moore, Rapid7′s chief security officer, told Forbes.com. “The scope of the exposure just blew us away.”

The full white paper is available here.