UPnP vulnerability another reason to disable this service in your devices

No doubt, as we have discussed here many times, UPnP is a dangerous feature sold as a useful solution for tech newbies. And our recommendation was: stop using UPnP (not just in NAS or routers, but everywhere in your LAN). For more recommendations you can use the Search tool in this forum.

Now you can read another nice example of such vulnerable service used almost everywhere:

Article from Yunus Çadırcı
CallStranger vulnerability that is found in billions of UPNP devices can be used to exfiltrate data (even if you have proper DLP/border security means) or scan your network or even cause your network to participate in a DDoS attack.
In this link (article author at GitHub) you can find a Python-based script to test your LAN devices for an open UPnP protocol and also for subscription endpoints + other useful information. It includes a check for the vulnerability.

Btw: Syno isn’t listed in the affected devices list, which doesn’t mean that it was tested.
The Ubiquiti Unifi controller passed the test, so it’s in the safe zone.
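
Added example, not part of the original post and not the article author's script: CallStranger abuses the CALLBACK header of the UPnP SUBSCRIBE request, so logged SUBSCRIBE requests can be audited for callback URLs that point outside the LAN. The function names, the 192.168.1.0/24 subnet and the two sample requests are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

LAN = "192.168.1.0/24"  # assumed home subnet, adjust to your own

# Constructed SUBSCRIBE requests (not captured traffic).
LOCAL = ("SUBSCRIBE /event/1 HTTP/1.1\r\nHOST: 192.168.1.1:49152\r\n"
         "CALLBACK: <http://192.168.1.50:8080/notify>\r\nNT: upnp:event\r\n\r\n")
REMOTE = ("SUBSCRIBE /event/1 HTTP/1.1\r\nHOST: 192.168.1.1:49152\r\n"
          "Callback: <http://203.0.113.10/a><http://collector.example/b>\r\n"
          "NT: upnp:event\r\n\r\n")


def callback_urls(request):
    """Return the URLs in the CALLBACK header of a UPnP SUBSCRIBE request."""
    head = request.split("\r\n\r\n", 1)[0].split("\r\n")
    if not head[0].upper().startswith("SUBSCRIBE "):
        return []  # only SUBSCRIBE carries a delivery URL for events
    for line in head[1:]:
        name, _, value = line.partition(":")
        if name.strip().upper() == "CALLBACK":  # header names are case-insensitive
            # The header holds one or more URLs, each wrapped in <>.
            return re.findall(r"<([^<>]+)>", value)
    return []


def audit_subscribe(request, lan=LAN):
    """Flag callback URLs that would make a device send events outside `lan`."""
    network = ipaddress.ip_network(lan)
    findings = []
    for url in callback_urls(request):
        try:
            addr = ipaddress.ip_address(urlsplit(url).hostname or "")
        except ValueError:
            # Not an IP literal: cannot be checked offline, so report it.
            findings.append((url, "hostname, destination not verifiable"))
            continue
        if addr not in network:
            findings.append((url, "outside LAN"))
    return findings


if __name__ == "__main__":
    for label, req in (("local", LOCAL), ("remote", REMOTE)):
        print(label, audit_subscribe(req))
```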
