UPnP can be disabled on many devices using the Web User Interface. Instructions on how to disable UPnP are generally given in the Product Administration Guide
. For example, in the "Configuring Basic Firewall Settings" section of the RV-120W Administration Guide
, there is a checkbox to enable/disable UPnP. For additional information, see http://www.cisco.com/en/US/docs/routers/csbr/rv110w/administration/guide/rv110w_admin.pdf#page84
Customers should follow basic hardening rules when configuring wireless devices, such as not allowing "Guest" access and requiring authentication credentials to login.
Customers can also block traffic from untrusted hosts on UDP port 1900 to affected devices using infrastructure access control lists (iACLs). This protection mechanism filters and drops packets that are attempting to exploit these vulnerabilities.
Effective exploit prevention can also be provided by the Cisco ASA 5500 Series Adaptive Security Appliance and the Firewall Services Module (FWSM) for Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers using transit access control lists (tACLs).
Cisco has released an Applied Mitigation Bulletin (AMB) that explains how to detect and mitigate potential exploitation of these vulnerabilities. The AMB is available at: http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=28005