ScanNow for UPnP is a simple tool which will check your network for devices with newly discovered vulnerabilities in their Universal Plug and Play implementation. UPnP is commonly found on routers, network printers, network-attached storage and many other devices, and if a vulnerable device is accessible over the internet (and security firm Rapid7 say they've found 40-50 million which are) then this could be exposing users "to remote attacks that could result in the theft of sensitive information".

The ScanNow tool itself is straightforward to use. There's no installation required, just launch the download, specify the IP range you'd like to scan (the program will detect and provide sensible defaults for you) and then wait until the process is complete.

When it's done, a report lists everything it's discovered. Check the "Identified" figure to make sure that ScanNow has detected more or less the number of devices you'd expect, and the "Exploitable" figure will let you know if any of your systems are vulnerable.

If you find you've an affected device, don't panic just yet: this isn't in itself a disaster. If the system can't be accessed from outside of your network, for instance, then hackers won't be able to exploit it.

To be safe, though, you should probably still check your documentation to see how you can disable Universal Plug and Play, if you can do without it. Exactly how to do this will vary depending on your hardware, but on the Billion router next to our test PC, for instance, we'd click Configuration > Advanced > Device Management and set "UPnP" to "Disable".


ScanNow for UPnP is a simple and straightforward UPnP vulnerability checker (although figuring out what to do with its results may require some thought)