CallStranger: the Vulnerability that Leaks Data and Scans LAN Ports

We are used to seeing vulnerabilities that can put our devices at risk in one way or another. Today we report on a new bug affecting the UPnP (Universal Plug and Play) protocol, which is present in billions of devices worldwide. The vulnerability has been named CallStranger, and it allows an attacker to steal data from devices, scan LAN ports and even turn those computers into bots.

CallStranger, vulnerability in UPnP protocol

As mentioned, this vulnerability is known as CallStranger. It is a major bug because of the number of vulnerable devices: it affects every device running an out-of-date UPnP version that predates April 17. These devices can include a large number of computers running Windows 10, routers, access points, printers, game consoles, multimedia devices, cameras, televisions …

The UPnP protocol is widely used by the devices we use every day, which makes millions of people worldwide vulnerable. The protocol is used to detect network devices automatically and to let them interact with each other. It is intended for use on a trusted local network, as it has no verification or authentication.

This vulnerability, called CallStranger, has been registered as CVE-2020-12695. It can be exploited remotely without authentication. The flaw lies in the value of the Callback header, which an attacker can control.

What happens if a hypothetical attacker manages to exploit this vulnerability? According to security researchers, the attacker could bypass network security devices and data loss prevention solutions designed to prevent critical or confidential information from being sent outside the corporate network.

CallStranger’s biggest risk is precisely a data breach. However, it could also be used to carry out DDoS attacks from multiple devices reachable from the public web, and to scan LAN ports from UPnP devices that have an Internet connection.

The researchers created a script to check which devices on the network can be attacked through this vulnerability. Basically, it searches all the computers on the local network. There are currently millions of devices publicly exposed on the network.

Important vulnerabilities that need to be fixed

Patch available

Keep in mind that a patch has been available for almost two months. The problem is that many devices have still not been updated and will remain that way for a long time. As we always mention, it is very important to keep the latest patches and updates installed. Vulnerabilities often arise that hackers exploit to carry out their attacks.

One of the tips security researchers give is to disable unnecessary UPnP services, especially on devices that have Internet access. It is also worth checking the network and the intranet to make sure UPnP devices are not leaking data. The network security logs can always be reviewed for this.
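One way to carry out the log check suggested above, as an added example (not the researchers' script and not part of the original article): it parses captured UPnP SUBSCRIBE requests and flags any Callback delivery URL that points outside the local segment, which is the condition CVE-2020-12695 describes. The local subnet `192.168.1.0/24`, the function names and the sample requests are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample requests (addresses and paths are illustrative only).
BENIGN = (
    "SUBSCRIBE /event/service1 HTTP/1.1\r\n"
    "HOST: 192.168.1.1:49152\r\n"
    "CALLBACK: <http://192.168.1.20:5000/notify>\r\n"
    "NT: upnp:event\r\n"
    "TIMEOUT: Second-300\r\n\r\n"
)
SUSPICIOUS = BENIGN.replace(
    "<http://192.168.1.20:5000/notify>",
    "<http://203.0.113.7:80/collect><http://192.168.1.20:5000/notify>",
)

def parse_callbacks(raw_request):
    """Return the delivery URLs in the Callback header of a SUBSCRIBE request."""
    lines = raw_request.split("\r\n\r\n", 1)[0].split("\r\n")
    if not lines[0].upper().startswith("SUBSCRIBE "):
        return []  # only event subscriptions carry a Callback header
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "callback":
            # The header may list several URLs, each wrapped in <...>.
            return re.findall(r"<([^>]+)>", value)
    return []

def off_segment_callbacks(raw_request, local_net):
    """Return Callback URLs whose host is not an address inside local_net."""
    net = ipaddress.ip_network(local_net)
    flagged = []
    for url in parse_callbacks(raw_request):
        host = urlsplit(url).hostname or ""
        try:
            inside = ipaddress.ip_address(host) in net
        except ValueError:
            inside = False  # not an IP literal: cannot be verified, so flag it
        if not inside:
            flagged.append(url)
    return flagged

if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, off_segment_callbacks(req, "192.168.1.0/24"))
```

Any flagged request in a capture or proxy log identifies a UPnP device that was asked to deliver events outside the LAN and should be patched or have its UPnP service disabled.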