Technical details about a vulnerability found in home based and SMB Linksys routers that have been exploited by a new work released on Sunday along with a proof-of-concept that has a long list of vulnerable device models.
Last week, security researchers from the SANS Institute’s Internet Storm Center identified a self-replicating malware software that can exploits and bypasses an authentication vulnerability to infect Linksys routers. The worm has been named TheMoon.
Initial reports from SANS found that the administration interface from the E-Series router models are the target of these infections, but may not be the only Linksys devices vulnerable to this CGI attack. An exploit writer, who used the online handle as REW, later confirmed writing these two scripts and left the following quote in response “I was hoping this would stay under wraps until a firmware patch could be released, but it appears the cat is out of the bag,” Rew wrote in the exploit notes.”… Read moreRead more