UPnP Vulnerability Allows Scammers to Steal data, Scan Networks

24
UPnP Vulnerability Allows Scammers Steal data_ Scan Networks

The latest vulnerability, known as CVE-2020-12695, has been found in the Universal Plug
and Play (UPnP). Attackers can implement the threat in various networked and IoT devices.
This includes personal computers, mobile devices, printers, routers, Wi-Fi access points, and more. It can enable unauthenticated and remote cybercriminals to exfiltrate data, scan
different networks, and make available devices to participate in the DDoS attacks.

Basically, the vulnerability can also be used to bypass the DLP and network security devices
to force various Internet-facing UPnP devices, becoming a carrier of amplified reflected TCP
DDoS.

Source: Helpnetsecurity