Rapid7, best known in the security community for Metasploit, recently published research indicating that an estimated 40-50 million network enabled devices are at risk due to vulnerabilities in the UPnP protocol. UPnP allows you to simplify the process of connecting to and configuring network connected devices.
Rapid7 has published a utility that you can use to scan for UPnP vulnerabilities on your network.
Given the vulnerabilities involved and the difficulty in automatically updating the software on the types of devices that would be vulnerable, you should strongly consider disabling UPnP functionality on any devices that you detect as vulnerable. Disabling UPnP won’t stop you from being able to use the device for its intended function, but it will require you to perform some configuration tasks that you performed automatically using a more involved manual process.
