I was reading a piece in Wired recently about security and the Internet of Things, and the discussion included router vulnerabilities and how the UPnP settings on one’s router leave the it vulnerable to attack.
That led me on a hunt through my files and I discovered this tidbit I saved back in 2014.
UPnP should always be disabled unless you have a specific need for it, such as having multiple game consoles in the house.
IGMP proxying should be left enabled unless it causes problems. This allows the router to convert Multicast traffic into Unicast traffic, allowing for the network especially wireless devices, to work more efficiently.
While testing improvements to the Nessus UPnP implementation we found an information disclosure vulnerability in Verizon's Fios Quantum Gateway G1100. The G1100 has three listening UPnP servers. One the user can disable and two they cannot. This advisory concerns the UPnP server on port 1901 that the user cannot disable.