In the midst of all the security alerts you and we receive on a regular basis, this one stands out and you can and should take immediate action.
Router manufacturers whose products are affected by the UPnP vulnerabilities include Cisco-owned Linksys, Netgear, Belkin and D-Link, as well as many others.
As is reported all over the Internet, there is a weakness in over 80 million devices that respond to what’s called a uPNP discovery request. uPNP was originally designed to automate the previously-difficult process of setting up port forwarding. Unfortunately some bad implementations of uPNP have left millions of routers vulnerable to attack.
The easiest way for you to determine if you are vulnerable is to visit a website by security guru Steve Gibson where his server will attempt to send your router a uPNP discovery request and you will see the results immediately. Follow these simple steps:
1. Visit www.grc.com and select Services, ShieldsUP!
Then select “Proceed” as shown below:
2. Select the “GRC’s Instant UPnP Exposure Test”
The following result is what you’re looking for:
If your result is otherwise, you should immediately reference the setup of the router, turn off uPNP and run the above test again. In some cases, even when it is supposedly turned off, it continues to run. In such a case, you may need to upgrade the firmware or replace the router. Sound too techy? No problem, we can help.