UPnP

CISA adds 15 vulnerabilities to Known Exploited Vulnerabilities Catalog (to include SonicOS and Windows UPnP)

The Cybersecurity and Infrastructure Security Agency (CISA) has added 15 vulnerabilities to its Known Exploited Vulnerabilities Catalog. Recent additions include SonicWall SonicOS, Windows UPnP, and other Microsoft Windows vulnerabilities.

CISA adds 15 vulnerabilities to Known Exploited Vulnerabilities Catalog (to include SonicOS and Windows UPnP) Read More »

Cisco releases security update for Critical UPnP vulnerability in small business routers

Cisco has released a security update for a Critical UPnP vulnerability CVE-2021-34730 in Small Business router models, as well as multiple vulnerabilities in other Cisco products.

Cisco releases security update for Critical UPnP vulnerability in small business routers Read More »

CallStranger UPnP vulnerability affects multiple internet-facing products

The CERT Coordination Center issued a new advisory for a UPnP configuration vulnerability CVE-2020-12695 that could allow an attacker to abuse devices and send traffic to arbitrary destinations. As a result, devices connected to the internet with UPnP enabled could expose additional vulnerabilities that could lead to amplified DDoS attacks and data loss.

CallStranger UPnP vulnerability affects multiple internet-facing products Read More »

UPnProxy opens up networks to Eternal family of exploits

Earlier this year, researchers from Akamai discovered attackers were abusing Universal Plug and Play (UPnP) vulnerabilities to conceal traffic, thus creating a malicious proxy system dubbed “UPnProxy.”

UPnProxy opens up networks to Eternal family of exploits Read More »