Device search requests and advertisements are supported by running HTTP on top of UDP (port 1900) using multicast (known as HTTPMU).
[1] UPnP is generally regarded as unsuitable for deployment in business settings for reasons of economy, complexity, and consistency: the multicast foundation makes it chatty, consuming too many network resources on networks with a large population of devices; the simplified access controls do not map well to complex environments.
Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) servers are optional and are only used if they are available on the network.
Device search requests and advertisements are supported by running HTTP on top of UDP using multicast (known as HTTPMU).
UPnP uses UDP due to its lower overhead in not requiring confirmation of received data and retransmission of corrupt packets.
The fundamental exchange is a discovery message containing a few essential specifics about the device or one of its services, for example, its type, identifier, and a pointer (network location) to more detailed information.
The UPnP Device Description is expressed in XML and includes vendor-specific manufacturer information like the model name and number, serial number, manufacturer name, (presentation) URLs to vendor-specific web sites, etc.
Much like function calls, the service returns any action-specific values in response to the control message.
The service publishes updates when these variables change, and a control point may subscribe to receive this information.
UPnP AV architecture is an audio and video extension of the UPnP, supporting a variety of devices such as TVs, VCRs, CD/DVD players/jukeboxes, settop boxes, stereos systems, MP3 players, still image cameras, camcorders, electronic picture frames (EPFs), and personal computers.
These enhancements are created by adding capabilities to the MediaServer and MediaRenderer device classes, allowing a higher level of interoperability between products made by different manufacturers.
Some of the early devices complying with these standards were marketed by Philips under the Streamium brand name.
Many routers and firewalls expose themselves as Internet Gateway Devices, allowing any local UPnP control point to perform a variety of actions, including retrieving the external IP address of the device, enumerating existing port mappings, and adding or removing port mappings.
One of them is the UPnP IGD client integrated with current Microsoft Windows and Xbox systems with certified IGDv2 routers.
[19] If UPnP is only used to control router port mappings and pinholes, there are alternative, newer much simpler and lightweight protocols such as the PCP and the NAT-PMP, both of which have been standardized as RFCs by the IETF.
Many UPnP device implementations lack authentication mechanisms, and by default assume local systems and their users are completely trustworthy.
[29][30] When the authentication mechanisms are not implemented, routers and firewalls running the UPnP IGD protocol are vulnerable to attack.
For example, Adobe Flash programs running outside the sandbox of the browser (e.g. this requires specific version of Adobe Flash with acknowledged security issues) are capable of generating a specific type of HTTP request which allows a router implementing the UPnP IGD protocol to be controlled by a malicious web site when someone with a UPnP-enabled router simply visits that web site.
The problem is widely propagated around the world, with scans showing millions of vulnerable devices at a time.
A team scanned for signals from UPnP-enabled devices announcing their availability for internet connection.
Typical scenarios observed include a server or client (e.g. smart TV) appearing after power on, and then disappearing after a few minutes (often 30 by default configuration) due to IGMP group membership expiring.
OCF had published a fix to the protocol specification in April 2020,[39] but since many devices running UPnP are not easily upgradable, CallStranger is likely to remain a threat for a long time to come.
[40] CallStranger has fueled calls for end-users to abandon UPnP because of repeated failures in security of its design and implementation.
[44] The UPnP Internet Gateway Device (IGD)[6] standard has a WANIPConnection service, which provides similar functionality to IETF-standard Port Control Protocol.