Не одна libupnp уязвима, miniupnp 1.0 тоже
Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method.
http://web.nvd.nist.gov/view/vuln/de...=CVE-2013-0230
Я проверил на своем RT-N16: на заводской прошивке 3.0.0.4.260 с включенным UPnP для теста Rapid7 оказался неуязвим.
По данным Rapid7: "332 products use MiniUPnPd version 1.0, which is remotely exploitable. Over 69% of all MiniUPnPd fingerprints were version 1.0 or older."