https://www.bleepingcomputer.com/news/security/callstranger-upnp-bug-allows-data-theft-ddos-attacks-lan-scans/

A vulnerability in the Universal Plug and Play protocol implemented in billions of devices can be exploited to exfiltrate data, turn them into bots for distributed denial-of-service attacks (DDoS), and scan internal networks.

The bug got the name CallStranger and it affects all devices that run a UPnP version earlier than April 17. Included are all versions of Windows 10, routers, access points, printers, gaming consoles, doorphones, media applications and devices, cameras, television sets.