Researchers just announced the discovery of a UPnP vulnerability that impacts any UPnP device exposed on the Internet. The attack, called CallStranger (CVE-2020-12695), is being used for massive DDoS attacks, to exfiltrate data, and to scan ports from Internet-facing UPnP devices.
The attack takes advantage of a Callback header value in the SUBSCRIBE function, so you can protect against it by blocking all SUBSCRIBE and NOTIFY HTTP packets in both ingress and egress traffic. DDoS protection can be configured to block NOTIFY packets too.
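As an added example (not part of the original article or any vendor's tooling), the filter below applies the rule described above to raw HTTP requests: SUBSCRIBE and NOTIFY are blocked whenever they cross the perimeter. The extra alert on internal SUBSCRIBE requests whose Callback URL points off the LAN, the `LAN_NETS` ranges and all function names are assumptions of this example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

GENA_METHODS = {"SUBSCRIBE", "NOTIFY"}
# Assumption: the local network uses these ranges; adjust to your addressing plan.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

def parse_request(raw: bytes):
    """Return (method, headers) with header names lowercased."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    pairs = (ln.partition(":") for ln in lines[1:])
    headers = {n.strip().lower(): v.strip() for n, sep, v in pairs if sep}
    return lines[0].split(" ", 1)[0].upper(), headers

def callback_hosts(value: str):
    """A Callback header may list several URLs, each in angle brackets."""
    hosts = []
    for url in re.findall(r"<([^>]*)>", value):
        try:
            hosts.append(urlsplit(url).hostname or "")
        except ValueError:
            hosts.append("")  # malformed URL: treated as external
    return hosts

def is_internal(host: str) -> bool:
    """True only for literal LAN addresses; hostnames count as external."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return any(ip in net for net in LAN_NETS)

def verdict(raw: bytes, crosses_perimeter: bool) -> str:
    method, headers = parse_request(raw)
    if method not in GENA_METHODS:
        return "allow"
    if crosses_perimeter:
        return "block"  # the mitigation above: no SUBSCRIBE/NOTIFY in or out
    hosts = callback_hosts(headers.get("callback", ""))
    if method == "SUBSCRIBE" and not all(is_internal(h) for h in hosts):
        return "alert"  # added check: event delivery aimed off the LAN
    return "allow"

# Constructed sample requests, not captured traffic.
LAN_SUB = (b"SUBSCRIBE /event HTTP/1.1\r\nHOST: 192.168.1.1:5000\r\n"
           b"CALLBACK: <http://192.168.1.20:8080/cb>\r\nNT: upnp:event\r\n\r\n")
EXT_SUB = LAN_SUB.replace(b"/cb>", b"/cb><http://203.0.113.9/x>")
```

A SUBSCRIBE renewal carries no Callback header, so it yields an empty host list and is allowed on the LAN.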