"Billions of Devices Affected by UPnP Vulnerability"
Researchers have discovered a new vulnerability they are calling CallStranger (CVE-2020-12695). This vulnerability is technically a vulnerability in UPnP’s SUBSCRIBE function. CallStranger affects many devices running the Universal Plug and Play (UPnP) protocol. If an adversary was able to exploit this flaw, the adversary could use it to co-opt vulnerable devices for DDoS attacks. Adversaries could also bypass data loss prevention security to sneak data out of networks, and possibly carry out port scanning to probe for exposed UPnP devices. This vulnerability can be potentially found in large numbers of devices with UPnP enabled, including home routers, modems, smart TVs, printers, cameras, and media gateways. UPnP is often enabled on a lot of Internet of Things (IoT) products, as well as major operating systems such as Windows 10, and the Xbox game consoles, which means they might also be affected by this new security vulnerability.
Naked Security reports: "Billions of Devices Affected by UPnP Vulnerability"