CallStranger Data Exfiltration via UPnP SUBSCRIBE Callback

Paliv

Regular Contributor
Stop us if you’ve heard this before but a researcher has uncovered a new security vulnerability affecting many devices running the Universal Plug and Play (UPnP) protocol.

Named CallStranger by discoverer Yunus Çadırcı, the potential for trouble with this flaw looks significant for a whole menu of reasons, starting with the gotcha that it’s UPnP.

UPnP was invented back in the mists of time to graft the idea of plug-and-play onto the knotty world of home networking.

UPnP meant users didn’t have to know how to configure router ports – if the device and the home router supported UPnP (often turned on by default), connectivity happened automagically.
https://nakedsecurity.sophos.com/2020/06/10/billions-of-devices-affected-by-upnp-vulnerability/
 

ColinTaylor

Part of the Furniture
Before people ask...
The one UPnP stack that isn’t affected is MiniUPnP, which is used in a sizable chunk of home routers.
 

Paliv

Regular Contributor
What I’m unclear on is if the clients are vulnerable if the router is running miniUPnP. I clearly don’t have a good enough understanding of this.
 

Wallace_n_Gromit

Regular Contributor
Paliv said:
What I’m unclear on is if the clients are vulnerable if the router is running miniUPnP. I clearly don’t have a good enough understanding of this.

Steve Gibson talked about this issue in his podcast "Security Now" episode #770.
He actually gave a historical perspective on the beginnings of these UPnP vulnerabilit(ies). (Intel never intended a "Sample" code to be baked into OEM chipsets.)

at 40:15 into the episode
 
