Security → Filet-O-Firewall exposes millions of home routers to attacks

Security vulnerabilities in UPnP continue to crop up and continue to put millions of home networking devices at risk for compromise. The latest was revealed in early August, but prompted an advisory yesterday from the DHS-sponsored CERT at the Software Engineering Institute at Carnegie Mellon University. It’s called Filet-o-Firewall and it combines a number vulnerabilities and weaknesses in routing protocols and browsers, conspiring to expose networked devices behind a firewall to the open Internet.

See more at: UPnP Trouble Puts Devices Behind Firewall at Risk
»threatpost.com/upnp-trou ··· /114493/

Advisory
»www.kb.cert.org/vuls/id/361684

List of routers, including DD-WRT
»www.filet-o-firewall.com ··· ers.html

Disable UPnP
If at all possible, mitigate this vulnerability by simply disabling UPnP. Instructions on how to do so should be provided by the router's manufacturer.

»www.youtube.com/watch?v= ··· tH4tghjA

...who in their right mind, and is security conscious, still lets UPNP run rampant across their network, may I ask?

Also kinda surprised UPNP uses so many ports... IIRC, it was UDP1900 only...

Regards

Agreed. uPnP was an obvious disaster from the start and I'm proud to say it's never ever been active on any network I've set up and never will be. It's one of the last things Microsoft pushed out in their "stupid-time" and in all fairness they haven't done anything this bad since (Win 10 still TBD, though).

I was in a lively discussion of this turd and couldn't believe it was THAT long ago! :
»Upnp vs pnp why treat router like a refrigerator?

Netgear apparently enables it by default, as I found out on my WNR2000v4 ...

Just disabled it...

yeah i had it disabled and after doing a firmware update it was enabled again just had to disable it all over again.