Malware-flinging Linksys vulnerability confirmed as a HNAP1 bug

The worm called “The Moon”, which began spreading between Linksys home broadband kit last week, has been confirmed as a problem with the devices' HNAP1 implementation, and an exploit has been made public. The exploit was posted to Exploit-db.com by user Rew, who said this Reddit discussion meant the “cat's out of the bag”. …

COMMENTS

This topic is closed for new posts.
  1. Sanctimonious Prick

    Mr. Snowden...

    What say you?

  2. Dive Fox

    The E2000 and some others can run DD-WRT, which mitigates this vulnerability. Call me Goku, cause I'm just sayin'.

  3. Grease Monkey Silver badge

    "the E1000 is on the no-longer-supported list"

    IIRC the E1000 would be about four years old. So Cisco no longer release critical software patches for a product less than four years old? And people complain about Microsoft...

    1. Anonymous Coward

      It's Belkin now

      Nothing to do with Cisco - Belkin acquired Linksys in 2013...

      1. Grease Monkey Silver badge

        Re: It's Belkin now

        Ah, but it was a Cisco product when the E1000 was launched and when it went end of support. So if you're going to be pedantic check first.

  4. Sanctimonious Prick

    Two Down Votes

    For mentioning Edward Snowden?

    How come el Reg haven't reported on the latest Snowden leak, even after I sent them a link to a BBC article? Hmm?

    GCHQ: el Reg, you're generating a lot of negative publicity. Stop reporting on us NOW!

    el Reg: OK.

    1. Anonymous Coward

      Re: Two Down Votes

      "GCHQ: el Reg, you're generating a lot of negative publicity. Stop reporting on us NOW!

      el Reg: OK."

      Well .... the article you linked to is about Australian spies tapping a US company, who represent Indonesia.

      What makes you think GCHQ care whether the Register publish a story about that?

      Especially if the BBC already have?

      1. Sanctimonious Prick

        Re: Two Down Votes

        Because of the fact that el Reg have NOT reported on it! Hello?

    2. Grease Monkey Silver badge

      Re: Two Down Votes

      @Sanctimonious Prick I think the downvotes are there because the comment is not relevant to the story. Furthermore I doubt that downvoters could tell that it had anything to do with the Snowden/Australia/Indonesia/US story - looking back at it now I don't think there's even a clue that it had.

    3. Old Handle

      Re: Two Down Votes

      The downvotes were for being pretentious and cryptic. If you have something meaningful and relevant to this article to say, just say it. Don't make us guess what the connection between Snowden and The Moon is.

  5. Andrew Commons

    Since June last year

    I have seen GET /HNAP1/ HTTP/1.1 requests dropped at my (personal) edge servers. It ramped up in December last year.

    So it has been known for quite a while?

  6. Ole Juul

    So it's a vulnerability

    There's plenty of those around already. Is this going to make much difference? It's not like Linksys/Belkin is known for fine router software and somebody would buy one of these particular models based on some assumption of quality. More like these are marketed to the crowd who already has some virus running on their computer.

    1. Grease Monkey Silver badge

      Re: So it's a vulnerability

      Most end users aren't aware that their home router could be vulnerable. This isn't the fault of the end user, it's the fault of the industry that sold it to them.

      Furthermore I suspect most owners of some of the kit on the list would be frankly gobsmacked that their kit was no longer supported. As somebody pointed out in a comment on another story here only last week you'd be shocked to find that a ten year old car was no longer supported by the manufacturer. Or given that the router is a domestic appliance you'd be gobsmacked to find your three year old washing machine was no longer supported by the manufacturer and this is the real big issue with this story.

      It's not so much that these relatively new products are vulnerable, it's that they are vulnerable and the manufacturer has no intention of fixing them. If they were some poxy cheap brand you'd never heard of you wouldn't be surprised, but Linksys are big ticket items as far as HOME routers go.

  7. Sebastian A
    Pint

    Uneasy feelings

    The Internet of Things, increasingly complex software/firmware, and seemingly no improvement in the average users' nous leads me to think we're heading into a golden age of worms and malware. Time to get in to the security biz, everyone and everything's going to need these services.

    Golden brew for a golden age.

    1. Grease Monkey Silver badge

      Re: Uneasy feelings

      Since every home owner doesn't have the financial wherewithal or IT nous to buy and maintain an IPS device I think it's about time that ISPs are forced by law to run hefty IPS devices at their exchanges.

  8. M132

    It's NOT a HNAP1 bug.

    The Moon makes an HNAP1 request just to check the model and firmware version of the device. If it matches one in a hardcoded list, it sends shell commands to the exploitable script tmUnblock.cgi, to wget itself and execute on the device.
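
Added example, not part of the original thread: a log check for the two-step pattern described in comment 8 (an HNAP1 request followed by a request to tmUnblock.cgi), which also counts the bare `GET /HNAP1/` probes mentioned in comment 5. The log format, sample lines, function names and the 10-minute correlation window are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in combined log format; addresses are documentation
# ranges, and the POST method and status codes are assumptions, not thread data.
SAMPLE_LOG = """\
198.51.100.7 - - [17/Feb/2014:10:00:01 +0000] "GET /HNAP1/ HTTP/1.1" 200 512
198.51.100.7 - - [17/Feb/2014:10:00:04 +0000] "POST /tmUnblock.cgi HTTP/1.1" 200 0
203.0.113.9 - - [17/Feb/2014:10:02:00 +0000] "GET /HNAP1/ HTTP/1.1" 404 0
192.0.2.55 - - [17/Feb/2014:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 1024
203.0.113.20 - - [17/Feb/2014:11:00:00 +0000] "GET /hnap1/?x=1 HTTP/1.1" 404 0
203.0.113.20 - - [17/Feb/2014:12:30:00 +0000] "POST /tmUnblock.cgi HTTP/1.1" 404 0
not a log line
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[A-Z]+ (?P<path>\S+)[^"]*" \d{3}')

def classify(path):
    """Map a request path to 'probe' (HNAP1), 'cgi' (tmUnblock.cgi) or None."""
    p = path.split("?", 1)[0].lower().rstrip("/")
    if p == "/hnap1":
        return "probe"
    if p.endswith("/tmunblock.cgi"):
        return "cgi"
    return None

def analyse(log_text, window=timedelta(minutes=10)):
    """Per source IP: count probes and CGI hits, and flag a probe followed by
    a CGI request within `window` (the two-step pattern from the comment)."""
    report, last_probe = {}, {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        kind = classify(m["path"]) if m else None
        if kind is None:
            continue  # unparseable line or unrelated request
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        entry = report.setdefault(ip, {"probe": 0, "cgi": 0, "chained": False})
        entry[kind] += 1
        if kind == "probe":
            last_probe[ip] = ts
        elif ip in last_probe and timedelta(0) <= ts - last_probe[ip] <= window:
            entry["chained"] = True
    return report

if __name__ == "__main__":
    for ip, entry in analyse(SAMPLE_LOG).items():
        print(ip, entry)
```

A source flagged `chained` is the one worth looking at first; probe-only sources match the background scanning described in comment 5.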
