Anarchy (on the web): 18k-strong botnet secured in a day from router vuln
https://www.bleepingcomputer.com/news/security/router-crapfest-malware-author-builds-18-000-strong-botnet-in-a-day/
He didn't do it with a zero-day or some vulnerability that had not been exploited before. He did so with a high-profile vulnerability that many botnets have exploited before.
CVE-2017-17215 is a well-known exploit that has been abused by at least two versions of the Satori botnet [1, 2], and many of the smaller Mirai-based offshoots. You'd think that by now users would have patched devices or ISPs would have blocked incoming connections on port 37215.
There's speculation that the author, Anarchy, also went by Wicked, who authored variations of the Mirai IoT malware. That said, it feels like this guy is doing it 'because he can'. Bless IoT
We’ve got a NETGEAR R7000 so I guess I’m front and center for this
Thank god Google makes routers now.
It's insane how awful Netgear/Linksys firmware is.
This module exploits an arbitrary command injection vulnerability in Netgear R7000 and R6400 router firmware version 1.0.7.2_1.1.93 and possibly earlier.
https://files.facepunch.com/forum/upload/1755/0cccde33-e97e-4320-8fab-86a99cdd558b/image.png
https://files.facepunch.com/forum/upload/1755/ba2d8f70-6129-4104-b02d-0a14be93b302/image.png
I want to get off Mr Netgear's wild ride
Update directly through the Netgear site (or just flash DD-WRT)
https://www.netgear.com/support/product/R6400.aspx#Firmware%20Version%201.0.1.42
https://kb.netgear.com/000059544/R7000-Firmware-Version-1-0-9-34
http://www.desipro.de/ddwrt/K3-AC-Arm/