Rapid7 said Tuesday in a research paper, that problem lies in routers and other networking equipment that use a commonly employed standard known as Universal Plug and Play or UPnP.
UPnP allows networked devices to discover each other and automatically establish working configurations that enable data sharing, media streaming, media playback control and other services.
In one common scenario a file-sharing application running on a computer can tell a router via UPnP to open a specific port and map it to the computer's local network address in order to open its file-sharing service to Internet users.
Over 80 million unique IPs were identified that responded to UPnP discovery requests from the internet and around 40-50 million network-enabled devices are at risk due to vulnerabilities found in the Universal Plug and Play (UPnP) protocol.
The long list of devices includes products from manufacturers including Belkin, D-Link, Cisco's Linksys division and Netgear.
They found that 20 percent, or 17 million, of those IP addresses corresponded to devices that were exposing the UPnP SOAP (Simple Object Access Protocol) service to the Internet. This service can allow attackers to target systems behind the firewall and exposes sensitive information about them.
Additional vulnerabilities, including ones that can be used in denial of service and remote code execution attacks, also exist in a UPnP library called MiniUPnP.
Rapid7 also release ScanNow UPnP, a free tool that can identify exposed UPnP endpoints in your network and flag which of those may remotely exploitable through recently discovered vulnerabilities.
People who own devices with UPnP enabled may not be aware of it because new routers, printers, media servers, web cameras, storage drives and smart TVs are often shipped with that functionality turned on by default.
