Linksys Router Users: Batten Down The Hatches!

Cisco, the owner of Linksys, is apparently working to get some kind of patch out for this potentially serious problem. In the meantime, one option would be to upgrade to a third-party firmware, such as DD-WRT or Tomato.

Owners of Linksys routers should beware: their devices are potentially at risk from a computer worm that exploits an authentication bypass vulnerability in the devices' firmware, security researchers at the SANS Institute's Internet Storm Center (ISC) have warned.

The self-replicating programme is affecting Linksys E-series models E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000 and E900, and possibly more depending on firmware, though the ISC does not have a comprehensive list of the Linksys router models that are vulnerable.

"The worm will connect first to port 8080, and if necessary using SSL, to request the '/HNAP1/' URL," ISC explained in a diary post. "This will return an XML formatted list of router features and firmware versions. The worm appears to extract the router hardware version and the firmware revision."

The ISC said that the worm will send an exploit to a vulnerable CGI script running on these routers and that the request does not require authentication.
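For anyone who keeps HTTP logs at the network edge, the sequence ISC describes (an /HNAP1/ request on port 8080, then a request to a CGI script on the same router) can be searched for. The sketch below is an added example, not ISC's or Linksys's code; the key=value log format, the sample lines and the `/example.cgi` path are constructed, and matching any path ending in `.cgi` is an assumption because the article does not name the script.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical key=value HTTP log format.
SAMPLE_LOG = """\
2014-02-13T10:00:01Z src=203.0.113.5 dst=192.0.2.10 dport=8080 method=GET path=/HNAP1/ status=200
2014-02-13T10:00:02Z src=203.0.113.5 dst=192.0.2.10 dport=8080 method=POST path=/example.cgi status=200
2014-02-13T10:00:03Z src=203.0.113.5 dst=192.0.2.11 dport=8080 method=GET path=/HNAP1/ status=200
2014-02-13T10:00:09Z src=198.51.100.7 dst=192.0.2.10 dport=80 method=GET path=/index.html status=200
2014-02-13T10:00:12Z src=198.51.100.9 dst=192.0.2.12 dport=8080 method=POST path=/example.cgi status=401
"""

FIELD = re.compile(r"(\w+)=(\S+)")


def parse(line):
    """Split one log line into a dict of its key=value fields plus 'ts'."""
    ts, _, rest = line.partition(" ")
    rec = dict(FIELD.findall(rest))
    rec["ts"] = ts
    return rec


def find_worm_pattern(log_text, port="8080"):
    """Map each source that probed /HNAP1/ on `port` to the routers it probed
    and the routers where a CGI request followed the probe."""
    findings = defaultdict(lambda: {"probed": set(), "followed_up": set()})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse(line)
        if rec.get("dport") != port:
            continue
        src, dst = rec.get("src"), rec.get("dst")
        path = rec.get("path", "").split("?")[0]
        if path.rstrip("/").upper() == "/HNAP1":
            findings[src]["probed"].add(dst)        # step 1: version probe
        elif (path.lower().endswith(".cgi") and src in findings
              and dst in findings[src]["probed"]):
            findings[src]["followed_up"].add(dst)   # step 2: CGI request after probe
    return dict(findings)


if __name__ == "__main__":
    for src, hit in find_worm_pattern(SAMPLE_LOG).items():
        print(src, "probed", sorted(hit["probed"]),
              "followed up on", sorted(hit["followed_up"]))
```

A source that probes several routers, as 203.0.113.5 does in the sample, fits the self-replicating scanning behaviour described above; a lone CGI request with no preceding probe is not flagged.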

Read the rest of "Linksys Router Users Are Hit By 'The Moon' Worm" at TheInquirer.net

