Skip to main content

Beta What do you think of this service? Your feedback will help us to improve it.

  5. Open port 1900: Universal Plug and Play (UPnP)

Author: Government Digital Service

Open port 1900: Universal Plug and Play (UPnP)

What this means

Port 1900 may indicate that Universal Plug and Play (UPnP) is enabled on your network.

UPnP is a networking protocol that allows devices within a local network to discover each other and automatically configure network services.

It is commonly used in routers, gaming consoles, smart TVs, and Internet of Things (IoT) devices.

Why this is a problem

UPnP can pose a major security risk if unintentionally enabled and not managed properly.

UPnP allows an internal device to automatically open ports on the router without administrator intervention.

Attackers can potentially exploit this to expose internal services to the internet, leading to unauthorised access, malware infections, and data breaches. This can lead to scenarios such as:

  • devices like IP cameras, printers, being unintentionally accessible from the internet
  • bypass of NAT configuration and firewall rules, exposing services that should remain private

In addition, weakness in implementations of UPnP have also led to router compromise in some scenarios, turning routers into botnets or allowing a malicious actor to change router settings.

How to check if the problem is there

Check your network equipment to determine if UPnP is enabled. This will often be on your perimeter router or firewall.

The exact steps will depend upon the make and model of your router or firewall in use.

How to fix this

In an enterprise environment it is generally recommended to disable and restrict UPnP so that the control of open ports and protocols lies with an administrator.

UPnP is normally only required in consumer environments for things such as games consoles.

If you need to open ports, it is recommended to configure this manually rather than relying on UPnP.

If you have verified that there is no inherent requirement for UPnP to be enabled on your network, the following steps can be taken:

  1. Disable UPnP services on router and firewall systems.
  2. Configure firewall rules to deny communications across port 1900 from the internet and between networks, as appropriate.
  3. Keep the firmware updated on your network equipment such as routers and switches as these can address security issues affecting UPnP access from the internet.

Sign up to UK Government Security

Subscribe to our newsletters to receive notifications when changes to strategy, policy, standards, and guidance are published on the website.

Sign up now