An interesting read on gnucitizen.org on the UPnP attack via Flash.

A user visiting a webpage that is hosting a malicious SWF file (Flash) might allow an attacker to remotely take control of UPnP devices (like routers) on the users’ private network. Because of the lack of authentication mechanisms this can happen without any user authentication.

A successful attack would allow an attacker to change the firewall setup or administrative setup of broadband modems. Most of the professional routers will not allow UPnP. The most common target for this type of attack are broadband routers that are typically used by home-users to connect to the Internet via dsl or cable.

Because of the fact that a lot of environments now allow remote access via VPN through these broadband routers this might allow an attacker to gain access to corporate networks.

There is no vulnerability in Flash, UPnP or any underlaying browser. This vulnerability is simply the result of the present specifications of UPnP.

UPnP itself is a set of platform independent computer network protocols that simplify the configuration of different network devices. It allows the “Plug and Play” functionality of network devices.

The solution is to disable UPnP on your broadband routers.