UPnP bug exposes Windows 10 devices to RCE attack


Updated on October 4, 2023


Data theft is a lucrative business, and has been for a long time. That’s why cyber criminals are making billions of dollars per year by stealing and selling personal data like names, credit card details, and health records. They use different tools and techniques to breach IT networks, and a UPnP bug is one of the latest to get the attention of the National Institute of Standards and Technology (NIST).

How hackers can exploit the UPnP bug to exfiltrate data


Recently, NIST updated the National Vulnerability Database (NVD) with information about the Universal Plug and Play protocol exploit (CVE-2020-12695). The organization is currently analyzing it.

The bug, named CallStranger, has been around since 2019 when a cybersecurity researcher reported it (via Bleeping Computer).

Ideally, UPnP should be a convenient way for devices to register each other’s presence on your network. Windows 10 PCs, routers, printers, and Wi-Fi access points are some of the gadgets that may use the networking technology.

Usually, no authentication is necessary for these devices to discover each other via UPnP. Moreover, they’re usually part of a local, trusted network.

That wouldn’t be a problem except for the possibility of hackers exploiting the CVE-2020-12695 vulnerability in UPnP. In other words, a malicious actor can scan for the connectivity ports and use them to gain entry into a device.

For example, an attacker could remotely leverage the UPnP bug to discover a Windows 10 PC connected to your network. In the case of CallStranger, the malware could sidestep all data loss prevention and network security measures in place.

This way, the bad actor can easily access and steal data stored on your PC. That’s not the only IT risk, sadly.

CallStranger can also be remotely deployed in a Distributed Denial of Service (DDoS) attack. Hackers could also use it to scan internal networks.
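As an added example that is not part of the original article: the NVD entry for CVE-2020-12695 describes the flaw as an attacker-controlled Callback header in the UPnP SUBSCRIBE request, so one defensive check is to flag captured SUBSCRIBE requests whose callback points off the local network. The sample requests, the `LOCAL_NETS` list and all function names are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: the ranges a home or office LAN would treat as local.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8", "fe80::/10", "::1/128")]

# Constructed sample requests, as a proxy or packet capture might record them.
SAMPLE_REQUESTS = [
    "SUBSCRIBE /upnp/event/1 HTTP/1.1\r\nHOST: 192.168.1.10:2869\r\n"
    "CALLBACK: <http://192.168.1.25:49152/notify>\r\nNT: upnp:event\r\n\r\n",
    "SUBSCRIBE /upnp/event/1 HTTP/1.1\r\nHOST: 192.168.1.10:2869\r\n"
    "CALLBACK: <http://203.0.113.7:80/a> <http://192.168.1.25:49152/n>\r\n\r\n",
    "NOTIFY /notify HTTP/1.1\r\nHOST: 192.168.1.25:49152\r\nNT: upnp:event\r\n\r\n",
]

def callback_urls(raw_request):
    """Return the Callback URLs of a SUBSCRIBE request, [] for anything else."""
    head = raw_request.split("\r\n\r\n", 1)[0].split("\r\n")
    if not head[0].upper().startswith("SUBSCRIBE "):
        return []
    for line in head[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "callback":
            return re.findall(r"<([^>]+)>", value)  # one or more <url> entries
    return []

def is_local(host):
    """True only for a literal IP address inside LOCAL_NETS."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # hostnames can resolve anywhere, so they are flagged
    return any(ip in net for net in LOCAL_NETS)

def suspicious_callbacks(raw_request):
    """Callback URLs that do not point at a literal local address."""
    return [u for u in callback_urls(raw_request)
            if not is_local(urlsplit(u).hostname or "")]

def scan(requests):
    """Map request index -> off-network callback URLs found in that request."""
    hits = {i: suspicious_callbacks(r) for i, r in enumerate(requests)}
    return {i: urls for i, urls in hits.items() if urls}

if __name__ == "__main__":
    for idx, urls in scan(SAMPLE_REQUESTS).items():
        print(f"request {idx}: off-network callback {urls}")
```

A hit from this check is a reason to look at which device accepted the subscription and whether its UPnP service needs to be reachable at all.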

Have you had any experience with the UPnP bug? Feel free to share it (or ask any questions) in the comments section below.


Don Sharpe

Tech Journalist

Don has been writing professionally for over 10 years now, but his passion for the written word started back in his elementary school days. His work has been published on Livebitcoinnews.com, Learnbonds.com, eHow, AskMen.com, Forexminute.com, The Writers Network and a host of other companies.
