Home routers are affected by major UPnProxy security issues

Costea Lestoc By: Costea Lestoc
2 minute read

Home » News » Home routers are affected by major UPnProxy security issues

According to Akamai latest report, it looks like bad actors are abusing more than 65,000 routers to create proxy networks for secret or even illegal activities. Akamai is an American content delivery network and cloud service provider. The Universal Plus and Play protocol is abused by botnet operators and cyber-espionage groups. UPnP comes with all modern routers to, and the bad actors’ target is to proxy bad traffic and hide real location.

UPnP is targeted these days

The UPnP protocol is abused by attackers, and this is an essential feature because it makes it easier to interconnect local devices with Wi-Fi and forward ports and services to the web. The protocol is vital for modern routers, but its insecurity was proven more than ten years ago. Attackers have been abusing it ever since, and now it looks that there’s a brand new way in which they are doing this. Bad actors have discovered that particular routers expose the protocol’s services that are meant only for inter-device discovery.

The flaw’s codename is UPnProxy

Attackers have been abusing these routers to inject malware into their Network Address Translation tables. The flaw allows attackers to use routers with misconfigured UPnP services as proxy services for their own secret and illegal operations. The weakness is significant because cybercriminals can login into routers that expose their backend on the web.

Hackers can exploit it to bypass firewalls and access IP addresses to bounce traffic to other IP addresses. This can be used to mask the real locations of phishing pages, spam campaigns, advertising click fraud and more similar “goodies.”

In case you want to be secure while surfing the internet, you will need to get a full-dedicated tool to secure your network.  Install now Cyberghost VPN and secure yourself. It protects your PC from attacks while browsing, masks your IP address and blocks all unwanted access.

Akamai’s findings and solutions

The number or vulnerable routers that Akamai detected is around 4.8 million and experts have discovered active NAT injections on more than 65,000 devices. Akamai also created a list of 400 router models made by 73 vendors that are currently vulnerable. Users are advised to replace their routers with models that don’t have the vulnerability. Akamai also released a Bash script that has the ability to identify vulnerable routers.



Next up

How to uninstall McAfee when the removal tool doesn’t work

Loredana Paraianu avatar. By: Loredana Paraianu
4 minute read

Your McAfee Antivirus license has just expired. You tried to remove the software from your computer but some strange error messages prevent you from completing […]

Continue Reading

Fix Windows 10 error code 0xc0000034 with these solutions

Rabia Noureen avatar. By: Rabia Noureen
4 minute read

Most of us often encounter the annoying Blue screens of death problems on our different versions of Windows. You will see that the screen will simply turn […]

Continue Reading

KB4489890, KB4489888 and KB4489889 bring tens of bug fixes

Madeleine Dean By: Madeleine Dean
2 minute read

If you’re running older Windows 10 OS version, you may want to check for updates. Microsoft released new updates for Windows 10 v1709, v1703 and […]

Continue Reading