Linksys Routers Exploited By "TheMoon"

Tagged: Linksys, router, Virus, Computer Hardware, Technology
Source: Slashdot - Read the full article
Posted: 23 weeks 3 days ago

"A vulnerability in many Linksys routers, allowing for unauthenticated code execution, is being used to mass-exploit various Linksys routers right now. Infected routers will start scanning for vulnerable systems themselves, leading to a very fast spread of this 'worm.'"

 

Comments

Tivon
Tivon's picture
Offline
Joined: 04/26/2002
Posts: 1874

To detect potentially vulnerable devices use the following command:

echo "GET /HNAP1/ HTTP/1.1\r\nHost: test\r\n\r\n" | nc routerip 8080

Devices that return the XML HNAP output may be vulnerable.

° º ¤ ø . ¸ . ø ¤ º ° º ¤ ø . ¸ ¸ . ø ¤ º ° º ¤ ø . ¸ . ø ¤ º ° º ¤ ø . ¸

Don't test my skills, I was trained by myself! Check out my Gaming Videos!

Tivon
Tivon's picture
Offline
Joined: 04/26/2002
Posts: 1874

I'm gathering more information from Slashdot on this problem.

"Here is a list of router models mentioned in the binary:
E4200
E3200
E3000
E2500
E2100L
E2000
E1550
E1500
E1200
E1000
E900"