
There's now an exploit for 'TheMoon' worm targeting Linksys routers

posted on February 17, 2014
by l33tdawg

Technical details about a vulnerability in Linksys routers that's being exploited by a new worm were released Sunday, along with a proof-of-concept exploit and a list of potentially vulnerable device models that is larger than earlier expected.

Last week, security researchers from the SANS Institute's Internet Storm Center identified a self-replicating malware program that exploits an authentication bypass vulnerability to infect Linksys routers. The worm has been named TheMoon.

The initial report from SANS ISC said the vulnerability is located in a CGI script that's part of the administration interface of multiple Linksys E-Series router models. However, the SANS researchers didn't name the vulnerable CGI script at the time. On Sunday, a Reddit user identified four CGI scripts that he believed were likely to be vulnerable. An exploit writer, who uses the online alias Rew, later confirmed that at least two of those scripts are vulnerable and published a proof-of-concept exploit.
