The dutch informatics student Armijn Hemel has found a bug in the UPnP-protocol, which is used in a lot of consumer- and Small Bussiness-routers. Microsoft, who has created UPnP is looking at the problem. Hemel has told Microsoft about the problem in january, but MS responded that only routers that are configured wrong are vulnerable. Hemel says that this isn’t correct and will show at Sane how it is possible to use this bug with a few lines of Python and some libraries to redirect websites and install virusses.
Linksys’ owner Cisco, which routers use UPnP started releasing updates for their WRT54G Linux-based accesspoint to fix the problem and also Zyxel is creating a patch as we speak.