128 NW Eleventh Ave, Portland, OR 97209 · 503-445-3700 · www.pcs.org

Universal Plug and Play can sometimes be leveraged to open ports without your knowledge. To help you more specifically,

The ZTE F680 exploit has significant implications for:

Recent 2024 advisories have identified stack-based buffer overflows in the HTTPD binary of multiple ZTE routers. The overflow occurs in the check_data_integrity function when it fails to validate checksums before storing them on the stack, potentially allowing an unauthenticated attacker to gain root-level RCE.

Attackers could modify critical WAN settings or routing rules.

From the compromised router, the attacker can:

You click an ad on a news site. The ad’s JavaScript silently sends http://192.168.1.1:4567/.../SetDNSServer to your router. Your router now sends all your traffic to a hacker’s DNS server. You try to visit your bank, but you’re redirected to a fake login page.

Move away from factory-set usernames and passwords immediately.

(assuming outdated firmware):