TR-11 - Security Flaws in Universal Plug and Play (UPnP) - Disable UPnP

TR-11 - Security Flaws in Universal Plug and Play (UPnP) - Disable UPnP

Back to Publications and Presentations

  1. Overview
  2. Recommendation
  3. References
  4. Classification Of This Document

You can report incidents via our official contact including e-mail, phone or use the Anonymous reporting form.


CIRCL is accredited TI CIRCL is a FIRST member CIRCL is an OASIS member


UPnP (Universal Plug and Play) is a network protocol that allows to discover network services and also is able to (re-) configure network equipment in order to seamlessly make network devices work together. When turned on, this network protocol is accessible on UDP port 1900. This port must  not be accessible from the internet (unless one has good reason to do so). According to the research of Rapid 7 1, the service is widely turned on on Internet facing devices and therefore accessible from the Internet. At most, home Internet routers are concerned.


CIRCL follows the recommendation of Rapid 7 and CERT/CC, who say turning off UPnP or blocking access to UPnP from the internet is currently the only way to protect oneself unless the vendors release software/firmware upgrades.


Classification Of This Document

TLP: WHITE information may be distributed without restriction, subject to copyright controls.