Intrusion Prevention

UPnP.SOAP.XML.PortMapping.Configuration.File.Upload

Description

This indicates an attack attempt to exploit a Security Bypass vulnerability in a Router or Gateway with UPnP services enabled.
The vulnerability is due to an design flaw when the vulnerable software attempts to handles a crafted XML UPnP configuration file. An attacker can exploit this to bypass vulnerable router or gateway access restrictions via a specially crafted XML UPnP configuration file to form a proxy.

Affected Products

Router or Gateway with UPnP services enabled

Impact

Security Bypass: Remote attackers can bypass security mechanism on vulnerable systems and open a port to the public

Recommended Actions

There are two possible actions:
1 Disabled UPnP service
2 Monitor port opened in the router or gateway. If any open port without authenticated was found, close this port.