So I have seen people playing with this for some time, but it looks as if the stakes have been raised a little bit now.
So for those who don't know:
"UPnP, or universal plug and play, is a handy feature that lets devices on your network self-configure on a network, but it’s also a security hazard. A Trojan horse or virus on a computer inside your network could use UPnP to open a hole in your router’s firewall to let outsiders in."
Home Router Security Tips
Andy Garcia has written up a little tool that can demonstrate this problem. Attackers can redirect your traffic, reconfigure your router, and scan your internal network. .....And this is because the WAN port accepts UPnP commands? WTF! Why can't vendors turn stuff like this off on default, since most people don't use it or really even know what it does.
Ugggh!