January 30, 2013
The U.S. government has released a security advisory about critical flaws in Universal Plug and Play (UPnP), a networking protocol used by tens of millions of routers, computer printers, storage drives, smart TVs and other devices commonly found in homes and offices.
The flaws could let outside attackers invade your home or business network and cause havoc. Dozens of device manufacturers, including Cisco/Linksys, Netgear, Sony, Siemens and Belkin, have been notified, but few, if any, have rolled out patches yet.
US-CERT, the United States Computer Emergency Readiness Team, advises all users to manually disable UPnP in their devices’ administrative settings. Users will have to refer to their owners’ manuals or to manufacturers’ websites to learn how.