Tuesday04 October 2022

New Exploit for Linksys routers takes things from bad to worse for connected devices

Reading time is around minutes.

Linksys has always had a name as a cost effective product for the consumer and even for small business. In the industry they have also been known to have some security issues. Not that long ago it was reported that a CGI script flaw in many of their E series routers allowed someone to bypass the requirement for admin credentials and gain unrestricted access to these products. Is if to add insult to injury malware has been identified in the wild that exploits the vulnerability.


The new worm, called TheMoon, popped up on the radar last week and appears to be spreading around the internet. According to some independent research it might not just be limited to Linksys, but could be hitting a vulnerable CGI script that could exist on other routers. It seems that the new worm is hitting the tmUnblock.cgi script which some are speculating relates to a Trend Micro feature that is available in some routers. Although the CGI script has been confirmed, no one has confirmed that it relates to TrendMicro as of this writing.

The new owner of the brand name Linksys, Belkin, has admitted that there is a flaw, but has not given out any information on exactly what routers are affected or when a fix is due. There are some fairly simple mitigation steps that you can take including changing the port used for admin communication to anything other than the standard 80. Some are saying that ensuring remote administration is turned off will also prevent this, but there is some evidence that it is not needed for this to work.

This is not the first time we have seen issues with web services embedded on devices internet connected devices. A few months ago we watched as a rather large number of wireless and wired IP cameras were found to have flaws which allow someone to remotely view and control them without any authentication at all. It raises concerns about the use of web servers on devices in this class as there are a large number of tools (most free) that allow you to discover exploits in them.

Over the last three years the number of attacks on connected devices has risen dramatically. We have seen hacks, flaws and exploits for everything from SCADA (supervisory control and data acquisition) to Bluetooth enabled toilets. If you have can connect to it someone will hack it. This means that the mentality of manufacturers of these devices needs to change. The fact that with the current level of malware, hacking and other security threats we are still seeing products with this type of flaw isn’t just sad, it is unacceptable.

Tell us what you think in our Forum


Last modified on Monday, 17 February 2014 13:15

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.