UPnP.SOAP.XML.PortMapping.Configuration.File.Upload
Description
This indicates an attack attempt to exploit a Security Bypass vulnerability in a Router or Gateway with UPnP services enabled.
The vulnerability is due to an design flaw when the vulnerable software attempts to handles a crafted XML UPnP configuration file. An attacker can exploit this to bypass vulnerable router or gateway access restrictions via a specially crafted XML UPnP configuration file to form a proxy.
Affected Products
Router or Gateway with UPnP services enabled
Impact
Security Bypass: Remote attackers can bypass security mechanism on vulnerable systems and open a port to the public
Recommended Actions
There are two possible actions:
1 Disabled UPnP service
2 Monitor port opened in the router or gateway. If any open port without authenticated was found, close this port.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2018-12-13 | 13.508 | Sig Added |