• Anarchy (on the web): 18k-strong botnet secured in a day from router vuln
    5 replies, posted
https://www.bleepingcomputer.com/news/security/router-crapfest-malware-author-builds-18-000-strong-botnet-in-a-day/ He didn't do it with a zero-day or some vulnerability that had not been exploited before. He did so with a high-profile vulnerability that many botnets have exploited before. CVE-2017-17215 is a well-known exploit that has been abused by at least two versions of the Satori botnet [1, 2], and many of the smaller Mirai-based offshoots. You'd think that by now users would have patched devices or ISPs would have blocked incoming connections on port 37215. There's speculation that the author, Anarchy, also went by Wicked, who authored variations of the Mirai IoT malware. That said, it feels like this guy is doing it 'because he can'. Bless IoT
We’ve got a NETGEAR R7000 so I guess i’m front and center for this
Thank god Google makes routers now. It's insane how awful Netgear/Linksys firmware is.
This module exploits an arbitrary command injection vulnerability in Netgear R7000 and R6400 router firmware version 1.0.7.2_1.1.93 and possibly earlier. https://files.facepunch.com/forum/upload/1755/0cccde33-e97e-4320-8fab-86a99cdd558b/image.png https://files.facepunch.com/forum/upload/1755/ba2d8f70-6129-4104-b02d-0a14be93b302/image.png I want to get off Mr Netgear's wild ride
Update directly through the netgear site (or just flash DDWRT) https://www.netgear.com/support/product/R6400.aspx#Firmware%20Version%201.0.1.42 https://kb.netgear.com/000059544/R7000-Firmware-Version-1-0-9-34 http://www.desipro.de/ddwrt/K3-AC-Arm/
https://files.facepunch.com/forum/upload/1755/25e02670-c04e-4afb-ab21-911636cc8267/image.png
Sorry, you need to Log In to post a reply to this thread.