On Sunday, technical details emerged about a vulnerability in Linksys routers that is being exploited across a long list of device models. The previous week, security researchers from the SANS Institute's Internet Storm Center identified a self-replicating malware program named 'The Moon' that exploits an authentication bypass vulnerability to infect Linksys routers.
According to the report from SANS ISC, the vulnerability is in a CGI script that is part of the administration interface of multiple Linksys E-series router models. The name of the CGI script has not been revealed yet.
The following models might be vulnerable: E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, E900, E300, WAG320N, WAP300N, WAP610N, WES610N, WET610N, WRT610N, WRT600N, WRT400N, WRT320N, WRT160N and WRT150N. This list might not be accurate.
The vulnerability was found on Sunday by a Reddit user and exploit writer using the online alias Rew, who believed that four CGI scripts were vulnerable; he later confirmed that two scripts are vulnerable and published a proof-of-concept exploit. He stated, "I was hoping this would stay under wraps until a firmware patch could be released, but it appears the cat is out of the bag."
Belkin, the owner of Linksys, did not name the exact models that are affected but confirmed that some Wireless-N routers are affected. Linksys published a technical article on its website with instructions on how to install the latest firmware version and disable remote management on affected devices.
"Linksys is aware of the malware called 'The Moon' that has affected select older Linksys E-Series routers and select older Wireless-N access points and routers," said Karen Sohl, director of global communications at Belkin, in an emailed statement Sunday. "The exploit to bypass the admin authentication used by the worm only works when the Remote Management Access feature is enabled. Linksys ships these products with the Remote Management Access feature turned off by default."