Test your router to make sure UPnP is NOT exposed on the WAN
Posted: Wed Apr 18, 2018 3:52 pm
This is a very old problem that should have been fixed a LONG time ago, however there's a shocking number of routers that STILL have this vulnerability. UPnP should NEVER be exposed on the WAN. It shouldn't even be possible. This is just sloppy programming of the firmware.
GRC's ShieldsUp! has the ability to test for this. Go to ShieldsUp page here, and press Proceed, then on the next page press the "GRC'S Instant UPnP Exposure Test" button: https://www.grc.com/shieldsup
DO I EVEN NEED UPNP AT ALL?
Security experts suggest, and I whole heartily agree, that unless you NEED UPnP, it should be turned off entirely, even on the LAN side of your router.
UPnP is a way that devices and apps on a LAN can ask the router (without any approval from you) to setup a port forward (and that forward is usually invisible - it doesn't show up in the router's manual port forward list). The original intention was to make it easy for non-techies to setup port forwarding for game hosting on the XBox. However, since there's no security of any kind and ANYTHING on your network can open a port via UPnP (thereby completely defeating the purpose of your router's firewall), it's very dangerous. A malicious app or IoT device could open a port and run a server from inside your network.
Most people on this forum probably know how to setup port fowarding in their router, and can easily do without UPnP.
GRC's ShieldsUp! has the ability to test for this. Go to ShieldsUp page here, and press Proceed, then on the next page press the "GRC'S Instant UPnP Exposure Test" button: https://www.grc.com/shieldsup
DO I EVEN NEED UPNP AT ALL?
Security experts suggest, and I whole heartily agree, that unless you NEED UPnP, it should be turned off entirely, even on the LAN side of your router.
UPnP is a way that devices and apps on a LAN can ask the router (without any approval from you) to setup a port forward (and that forward is usually invisible - it doesn't show up in the router's manual port forward list). The original intention was to make it easy for non-techies to setup port forwarding for game hosting on the XBox. However, since there's no security of any kind and ANYTHING on your network can open a port via UPnP (thereby completely defeating the purpose of your router's firewall), it's very dangerous. A malicious app or IoT device could open a port and run a server from inside your network.
Most people on this forum probably know how to setup port fowarding in their router, and can easily do without UPnP.