I have been following some of the recent exploits of UPnP for a couple of weeks now. The script kiddies have found easy ways of taking advantage of the vulns. They have realized that they can p0wn your Internet connection and possibly everything behind the router as well. Then, I saw this report that was released yesterday. The stats are amazing and scary.
We have all learned over the years to protect ourselves from malware and viruses. But, most people will install a home router and not think about it because they tend to just work. I have found that a high percentage of consumer-grade routers have UPnP enabled by default.
Take a couple of minutes and read this link.
https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
There is also a link to a Windows tool in the article that helps you to identify if you are vulnerable. There are also instructions for using Metasploit for Mac and Linux users. I recommend that you scan your devices whether they be something you purchased or something that your ISP has provided. (there are reports of some Verizon FIOS devices being vulnerable).
If you run the scan and it reports that your equipment is vulnerable, don't panic. First, disable UPnP on your device. Then check with the vendor to see if they have any firmware updates for your device.
