Universal Plug and Play - Wikipedia
Wi-FI Protected Setup (WPS) is Insecure: Here’s Why You Jul 10, 2017 What Is Universal Plug and Play & Why Your Security Is at Sep 04, 2019 Hikvision UPnP Hacking Risk - IPVM Dec 04, 2017
UPnP has been a security risk for years, but now it's
The security risk lies in the fact that with UPnP, software on your PC (or any PC in your LAN) can open a single or many ports on your router. Any software can do it, even the bad software. Sure you can open a handful of ports manually, but at least you are doing that on purpose. Jun 09, 2020 · A vulnerability (CVE-2020-12695) in UPnP may allow attackers to exfiltrate data, scan internal networks or use devices for DDoS attacks. Aug 01, 2013 · Or you can disable uPNP (or NAT-PMP) on the router itself. In that case you need to open only the specific ports you need. More work (especially when adding machines to the network) but added security. I was not sure what the impact that would have on Plex or any other uPnP device on my network. Universal Plug and Play (UPnP) has been a security nightmare since its inception over a decade ago. This technology is generally found in consumer-grade networked devices and allows them to discover other UPnP devices automatically on the network to establish lines of communication as well as broadcast the services that the device may provide to the rest of the network.
The security risk lies in the fact that with UPnP, software on your PC (or any PC in your LAN) can open a single or many ports on your router. Any software can do it, even the bad software. Sure you can open a handful of ports manually, but at least you are doing that on purpose.
Potential Security Risk! If UPnP or NAT-PMP are enabled, use only devices and programs which are trusted. These mechanisms will allow these entities to bypass the firewall to allow incoming connections with no additional control or authorization.