A vulnerability in the Universal Plug and Play protocol can be exploited to exfiltrate data, turn them into bots for distributed denial-of-service attacks (DDoS) and scan internal networks. The bug got the name CallStranger and it affects all devices that run a UPnP version earlier than April 17. Included are all versions of Windows 10, routers, access points, printers, gaming consoles, doorphones, media applications and devices, cameras, television sets and cameras. The vulnerability was discovered by cybersecurity researcher Yunus ..adirci.
Source: https://www.bleepingcomputer.com/news/security/callstranger-upnp-bug-allows-data-theft-ddos-attacks-lan-scans/