Recently I've been looking into another UPnP profile: Remote UI Client and Server. With the RemoteUIClient it is possible to have some fun. I've put it on a seperate page.

I have not informed the vendor, since this is not a security risk, but intended behaviour. It is terribly annoying though and more suited for social engineering.