General security vulnerability in the way the callback URLs in the UPnP SUBSCRIBE command are used were reported . Some of the described issues may be applicable to the use of UPnP in WPS AP mode functionality for supporting external registrars.