← Cybersecurity Alphabet Soup

UPnP

Universal Plug and Play

networkmedium

UPnP lets devices on a home or office network automatically discover each other and configure services, including asking the router to open firewall ports. That convenience is dangerous: malware can silently punch holes in the firewall, and flaws like CallStranger (CVE-2020-12695) allowed data exfiltration and DDoS amplification through UPnP endpoints. Security guidance is to disable UPnP on routers, or at minimum block it from the internet-facing side.

Sources

More in network