CallStranger vulnerability lets attacks bypass security systems and scan LANs

Worth adding to your arsenal of threat hunting tools…:

[…] The vulnerability, named CallStranger, allows attackers to hijack smart devices for distributed denial of service (DDoS) attacks, but also for attacks that bypass security solutions to reach and conduct scans on a victim’s internal network — effectively granting attackers access to areas where they normally wouldn’t be able to reach.

CALLSTRANGER BUG IMPACTS UPNP

According to a website dedicated to the CallStranger vulnerability published today, the bug impacts UPnP, which stands for Universal Plug and Play, a collection of protocols that ship on most smart devices.

[…]

Original article here