UPnP.SOAP.XML.PortMapping.Configuration.File.Upload

description-logoDescription

This indicates an attack attempt to exploit a Security Bypass vulnerability in a Router or Gateway with UPnP services enabled.
The vulnerability is due to an design flaw when the vulnerable software attempts to handles a crafted XML UPnP configuration file. An attacker can exploit this to bypass vulnerable router or gateway access restrictions via a specially crafted XML UPnP configuration file to form a proxy.

affected-products-logoAffected Products

Router or Gateway with UPnP services enabled

Impact logoImpact

Security Bypass: Remote attackers can bypass security mechanism on vulnerable systems and open a port to the public

recomended-action-logoRecommended Actions

There are two possible actions:
1 Disabled UPnP service
2 Monitor port opened in the router or gateway. If any open port without authenticated was found, close this port.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2018-12-13 13.508 Sig Added