Whitepaper: Security Flaws in Universal Plug and Play: Unplug, Don't Play.

Document created by hdmoore on Jan 29, 2013
Version 1Show Document
  • View in full screen mode

This whitepaper details research conducted by Rapid7, which reveals that around 40-50 million network-enabled devices are at risk due to vulnerabilities found in the Universal Plug and Play (UPnP) protocol. UPnP enables devices such as routers, printers, network-attached storage (NAS), media players and smart TVs to communicate with each other. The paper investigates how three groups of security flaws relating to the UPnP protocol are exposing millions of users to attacks that could lead to a remote compromise of the vulnerable device.


We strongly recommend people to check whether they may be vulnerable, and if so, disable the UPnP protocol in any affected devices. Further details on mitigation strategies are included in the executive summary section at the front of the attached whitepaper. The document also includes details on the methodology of the research, breakdown and analysis of the findings and insights into the implications.


If you have any feedback or questions on this topic, please do share them either below or on HD Moore's blog post on it.