• ARTICLES
SEARCH

How-To Geek

New Security Hole Found in Wi-Fi Routers: Disable UPnP to Protect Yourself


A while back, we told you that UPnP on your router is not very secure, and you should probably disable it. Now a security research firm has found out that the problems are even worse than we originally thought.

There’s some 81 million unique IP addresses that expose UPnP functionality from the internet, and more than 6900 different devices are potentially vulnerable, at least, to being hacked from the outside. This means, theoretically, that your router could end up being hacked to forward ports from the outside world, which leaves you open to more hacking.

The simple answer is to disable UPnP on your wireless router. Since each router is different, you’ll need to login to your wireless router’s admin panel (use the manual to figure that out), and then find the UPnP setting. If you’ve forgotten the password, check out our article on how to access your router even if you forgot the password.

Security Flaws in Universal Plug and Play: Unplug, Don’t Play [SecurityStreet | Rapid7]

Lowell Heddings, better known online as the How-To Geek, spends all his free time bringing you fresh geekery on a daily basis. You can follow him on if you'd like.

  • Published 01/30/13

Comments (19)

  1. NSDCars5

    I never enabled UPnP. Not that I need it :P

  2. Simon

    The two most important things you should do with any new router:

    Disable uPnP
    Disable WPS

  3. Tony

    my router has no listing for UPNP at all its provided from my cable company i called them and they said its not to worry about i’m like what.

  4. Caleb

    Will disabling uPnP affect streaming media from my PC to my Xbox?

  5. Tracie

    Could the author be more clear about, specifically, what the uPnP function does with what…and more importantly, exactly what would be affected by turning this off and how???

    It’s nice that HTG wants to warn everyone, but to just say “turn it off, it’s insecure” without any clear explanation of what this will change, or how things may function differently, is not all that helpful (you did almost the exact same thing with your Java warning a few weeks ago). I read the earlier article linked to in this one but am still unclear, as a somewhat normal user not an uber techie, how this will affect my equipment, workflow, etc.

    If I disable this, will my Ooma VOIP no longer work? Will I have to enable and then disable every single time I download a program or new piece of software? Will I have to continually deal with permissions every time I run non-local only programs and software? Will I have to deal with ports, which I have no knowledge or understanding of, everytime I get a new piece of software (which is nearly daily since I have several websites and am always trying new tools for different things)?

    Then I clicked on a link in the earlier article comments about a tool called Unplug n Pray that supposedly turns uPnP on and off with a click, but the article on that site is not only out of date, it is saying that the uPnp issue is something in the Windows OS, no mention of routers.

    Seriously guys, 7 whole sentences about turning off something that changes functionality is decidedly less than helpful.

  6. pbug56

    My router has upnp enabled, and a table seems to show all sorts of connections from my pc’s on various ports. I have no idea if what effect turning upnp off will have on my network;

    YES TCP 80 443 192.168.1.11
    YES TCP 443 29512 192.168.1.11
    YES UDP 64518 64518 192.168.1.135
    YES UDP 55743 55743 192.168.1.5
    YES UDP 58375 58375 192.168.1.135
    YES UDP 51665 51665 192.168.1.135
    YES UDP 57859 57859 192.168.1.5
    YES TCP 8272 8272 192.168.1.5
    YES TCP 8271 8271 192.168.1.5
    YES UDP 64756 64756 192.168.1.135
    YES UDP 60018 60018 192.168.1.135
    YES UDP 62606 62606 192.168.1.135
    YES UDP 49509 49509 192.168.1.135
    YES UDP 61105 61105 192.168.1.135
    YES UDP 62941 62941 192.168.1.4
    YES UDP 56372 56372 192.168.1.135
    YES UDP 58627 58627 192.168.1.135
    YES UDP 59093 59093 192.168.1.135
    YES UDP 52722 52722 192.168.1.135

  7. sneakily1

    I tested this out on my Linksys (cisco) WRT310Nv2 using DD-WRT and no issues whatsoever with UPnP enabled. I don’t know what I’m doing right exactly or if the guys at DD-WRT were already aware and fixed the issue… but another great reason to consider making the firmware switch to DD-WRT.

  8. demon

    This is so stupid of an idea, if you turn off UPnP you stop all sorts of things you use daily, like YouTube and Bit Torrents. and your cell phone
    Who the hell is this security company HTC ?

  9. Tat2Jr

    If you go to that page listed at the bottom of the article it has a one click test on there that will tell you if you’re safe. I was!

  10. Edwin

    Hi all, you can test your router here by clicking on the “GRC’s Instatnt UPnP Exposure Test” button. http://www.grc.com/x/ne.dll?rh1dkyd2 Thanks to Steve Gibson of GRC.

  11. Arindrew

    Why would uPNP ever be enabled on a WAN port? That just doesn’t make sense. Regardless, if you are using DD-WRT you are secure: uPNP is only enabled on LAN ports.

  12. Tracie

    THANK YOU, Tat2Jr!!! Tested it there & mine’s safe, too.

    If the author had bothered to include a whole 8th sentence in the article, just like yours in the comment above, saying that a ONE CLICK TEST could be found there, there wouldn’t be this much confusion. THAT would have been helpful.

    You know, test first here, then decide if you need to seriously disrupt your daily internet functions; not just screaming Disable! with zero explanation.

    Again, thank you Tat2Jr.

  13. Dave

    I read on arstechnica that if you do a port scan (using Shields UP) on port 1900 if it comes up stealth then you are not affected by this.
    I was going to ask how or what turning off UPnP would do but I turned it off yesterday and nothing seems broken yet, I haven’t tried skype yet but there is an option in the settings to ‘Use UPnP’ which is checked, no idea what that does but I know skype is P2P based.

    @sneakily1 this specific problem with UPnP was fixed on DDWRT about 2 years ago

    @demon as I say I turned off UPnP on my router yesterday and nothing has stopped working yet, I don’t use torrents but youtube, my mobile phone and everything else is working like it was still turned on.

  14. Sean
  15. KateHiggs22

    until I looked at the receipt of $8501, I didnt believe that my mom in-law had been trully bringing in money parttime from their computer.. there aunts neighbour has done this less than twentey months and at present took care of the morgage on there condo and bought a gorgeous Jaguar E-type. go to, Fox76.comTAKE A LOOK

  16. bedlamb

    2 Tracie
    Hi cutie.
    Disabling UPnP won’t disconnect anything you already have connected.
    It’s a good idea to disable UPnP on any router, unless you have a specific need for it. It’s easy, and if it breaks your network (it won’t), it’s easy to turn back on.

  17. pol

    I have Upnp disabled on my cisco linksys E2000, with no problems what so ever.

  18. Richard

    To this end, we have provided ScanNow UPnP, a free tool that can identify exposed UPnP endpoints in your network and flag which of those may remotely exploitable through recently discovered vulnerabilities.

    Unfortunately, this ScanNow UPnP program requires Java. I previously removed all Java on my PC due to MAJOR SECURITY FLAWS within Java which have been reported by several security websites.

  19. Jack

    Is the same to say turn off your internet connection its not save hahaha making people scared is making money

Get Free Articles in Your Inbox!

Join 134,000 newsletter readers

Email:

Go check your email!