No doubt, as we have discussed here many times, UPnP is a dangerous feature sold as a useful solution for tech newbies. And our recommendation was: stop using UPnP (not just in NAS or routers, but everywhere in your LAN). For more recommendations you can use the Search tool in this forum.
Now you can read another nice example of such a vulnerable service used almost everywhere:
tldr:
Article from Yunus Çadırcı
CallStranger vulnerability that is found in billions of UPNP devices can be used to exfiltrate data (even if you have proper DLP/border security means) or scan your network or even cause your network to participate in a DDoS attack.
At this link (the article author's GitHub) you can find a Python-based script to test your LAN devices for an open UPnP protocol and for subscription endpoints, plus other useful information. It includes a check for the vulnerability.
Btw: Syno isn't listed in the affected devices list, which doesn't mean that it was tested.
The Ubiquiti Unifi controller passed the test, so it's in the safe zone.
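
As an added example (not part of the original post and not the article author's script): a Python inventory of which devices on your own LAN answer UPnP discovery and which event subscription endpoints (`eventSubURL`) they advertise. It only lists endpoints and does not test for CallStranger. The function names, the sample reply, the sample device description and the 192.0.2.10 address are constructed for illustration.

```python
import socket
import xml.etree.ElementTree as ET
from urllib.parse import urljoin

SSDP_ADDR = ("239.255.255.250", 1900)  # standard SSDP multicast group and port
M_SEARCH = ("M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
            'MAN: "ssdp:discover"\r\nMX: 2\r\nST: upnp:rootdevice\r\n\r\n').encode()

def parse_ssdp_response(raw):
    """Return the headers of an SSDP reply, names lower-cased."""
    headers = {}
    for line in raw.decode("latin-1").split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def event_sub_urls(location, description_xml):
    """List absolute eventSubURL endpoints declared in a device description."""
    # Device XML is untrusted input; prefer defusedxml over ElementTree outside a lab.
    base, relative = location, []
    for el in ET.fromstring(description_xml).iter():
        tag, text = el.tag.rsplit("}", 1)[-1], (el.text or "").strip()
        if tag == "URLBase" and text:      # optional base that overrides LOCATION
            base = text
        elif tag == "eventSubURL" and text:  # empty element: service has no eventing
            relative.append(text)
    return [urljoin(base, u) for u in relative]

def discover(timeout=3.0):
    """Send one M-SEARCH on the local segment; return {responder IP: LOCATION URL}."""
    found = {}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(M_SEARCH, SSDP_ADDR)
        try:
            while True:
                raw, (ip, _port) = s.recvfrom(65507)
                found[ip] = parse_ssdp_response(raw).get("location", "")
        except socket.timeout:
            pass  # no more replies within the timeout
    return found

# Constructed sample data (192.0.2.0/24 is a documentation range), so this runs offline.
SAMPLE_REPLY = b"HTTP/1.1 200 OK\r\nLOCATION: http://192.0.2.10:49152/desc.xml\r\nST: upnp:rootdevice\r\n\r\n"
SAMPLE_DESC = """<root xmlns="urn:schemas-upnp-org:device-1-0"><device><serviceList>
<service><eventSubURL>/evt/ConnMgr</eventSubURL></service><service><eventSubURL/></service>
</serviceList></device></root>"""

if __name__ == "__main__":
    print(event_sub_urls(parse_ssdp_response(SAMPLE_REPLY)["location"], SAMPLE_DESC))
```

Any device that `discover()` returns on a network where UPnP is supposed to be off is a place where the setting still needs to be disabled.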