Home routers are affected by major UPnProxy security issues

2 minute read

According to Akamai latest report, it looks like bad actors are abusing more than 65,000 routers to create proxy networks for secret or even illegal activities. Akamai is an American content delivery network and cloud service provider. The Universal Plus and Play protocol is abused by botnet operators and cyber-espionage groups. UPnP comes with all modern routers to, and the bad actors’ target is to proxy bad traffic and hide real location.

UPnP is targeted these days

The UPnP protocol is abused by attackers, and this is an essential feature because it makes it easier to interconnect local devices with Wi-Fi and forward ports and services to the web. The protocol is vital for modern routers, but its insecurity was proven more than ten years ago. Attackers have been abusing it ever since, and now it looks that there’s a brand new way in which they are doing this. Bad actors have discovered that particular routers expose the protocol’s services that are meant only for inter-device discovery.

The flaw’s codename is UPnProxy

Attackers have been abusing these routers to inject malware into their Network Address Translation tables. The flaw allows attackers to use routers with misconfigured UPnP services as proxy services for their own secret and illegal operations. The weakness is significant because cybercriminals can login into routers that expose their backend on the web.

Hackers can exploit it to bypass firewalls and access IP addresses to bounce traffic to other IP addresses. This can be used to mask the real locations of phishing pages, spam campaigns, advertising click fraud and more similar “goodies.”


In case you want to be secure while surfing the internet, you will need to get a full-dedicated tool to secure your network.  Install now Cyberghost VPN and secure yourself. It protects your PC from attacks while browsing, masks your IP address and blocks all unwanted access.


Akamai’s findings and solutions

The number or vulnerable routers that Akamai detected is around 4.8 million and experts have discovered active NAT injections on more than 65,000 devices. Akamai also created a list of 400 router models made by 73 vendors that are currently vulnerable. Users are advised to replace their routers with models that don’t have the vulnerability. Akamai also released a Bash script that has the ability to identify vulnerable routers.

RELATED STORIES TO CHECK OUT:

Next up

Windows 10 April Update will probably land on April, 30

By: Costea Lestoc
2 minute read

The next feature update targeting Windows 10 might be called Windows 10 April Update. This information originates in Microsoft Edge’s welcome page. In a server-side […]

Continue Reading

Windows 10 Lean/CloudE is a smaller version of Redstone 5

By: Costea Lestoc
2 minute read

There’s a new version of Windows in the works these days, and it may target low-specs devices. Microsoft is currently working on a cut down […]

Continue Reading

How to Schedule Automatic Shutdown in Windows 10

By: Ivan Jenic
3 minute read

Sometimes you might want to schedule certain tasks, especially if you don’t have enough time to do them manually. If you want to learn more […]

Continue Reading

Discussions