
CallStranger UPnP vulnerability exposes routers, gaming systems, TVs, printers - geek_slop
https://www.geekslop.com/news/technology-news/hacking-and-security/2020/new-callstranger-exploit-takes-advantage-of-upnp-vulnerability-in-millions-of-routers-gaming-systems-tvs-printers-and-other-internet-connected-attachable-devices
======
geek_slop
Researchers just announced the discovery of a UPnP vulnerability that impacts
any UPnP device exposed on the Internet. The attack, called CallStranger
(CVE-2020-12695), is being used for massive DDoS attacks , to exfiltrate data,
and to scan ports from Internet-facing UPnP devices.

The attack takes advantage of a Callback header value in the SUBSCRIBE
function so you can block all SUBSCRIBE and NOTIFY HTTP packets in ingress and
egress traffic for protection. DDoS protection can be configured to block
NOTIFY packets too.

