A warning to those who have IOT devices like IP cameras and routers

tfvc.org
10-26-2017, 07:39 PM
There is a botnet that is brewing called "reaper". So far millions of devices have been infected, and the number is growing, but the payload has not gone live.
Source (https://research.checkpoint.com/new-iot-botnet-storm-coming/):

Here are the devices that are suspected to be infectable and infected:

Vendor   | Protection Name                                                                  | Seen in the context of the current attack?
---------|----------------------------------------------------------------------------------|-------------------------------------------
GoAhead  | Wireless IP Camera (P2P) WIFICAM Cameras Information Disclosure                  | +
GoAhead  | Wireless IP Camera (P2P) WIFICAM Cameras Remote Code Execution                   | +
D-Link   | D-Link 850L Router Remote Code Execution                                         | +
D-Link   | D-Link DIR800 Series Router Remote Code Execution                                | +
D-Link   | D-Link DIR800 Series Router Information Disclosure                               | +
D-Link   | D-Link 850L Router Remote Unauthenticated Information Disclosure                 | +
D-Link   | D-Link 850L Router Cookie Overflow Remote Code Execution                         | +
D-Link   | Dlink IP Camera Video Stream Authentication Bypass – Ver2                        | +
D-Link   | Dlink IP Camera Luminance Information Disclosure – Ver2                          | +
D-Link   | D-Link DIR-600/300 Router Unauthenticated Remote Command Execution               | +
D-Link   | Dlink IP Camera Authenticated Arbitrary Command Execution – Ver2                 | –
TP-Link  | TP-Link Wireless Lite N Access Point Directory Traversal                         | –
TP-Link  | TP-LINK WR1043N Multiple Cross-Site Request Forgery                              | –
Netgear  | Netgear DGN Unauthenticated Command Execution                                    | +
Netgear  | Netgear ReadyNAS Remote Command Execution                                        | +
Netgear  | Netgear DGN2200 dnslookup.cgi Command Injection                                  | –
Netgear  | Netgear ProSAFE NMS300 fileUpload.do Arbitrary File Upload                       | –
Netgear  | NETGEAR Routers Authentication Bypass                                            | –
Netgear  | NETGEAR ReadyNAS np_handler Code Execution                                       | –
Netgear  | Netgear R7000 and R6400 cgi-bin Command Injection                                | –
AVTECH   | AVTECH Devices Multiple Vulnerabilities                                          | +
MikroTik | MikroTik RouterOS SNMP Security Bypass                                           | –
MikroTik | MikroTik RouterOS Admin Password Change                                          | –
MikroTik | Mikrotik Router Remote Denial Of Service                                         | –
Linksys  | Belkin Linksys WRT110 Remote Command Execution – Ver2                            | –
Linksys  | Linksys WRH54G HTTP Management Interface DoS Code Execution – Ver2               | –
Linksys  | Belkin Linksys WRT110 Remote Command Execution                                   | –
Linksys  | Belkin Linksys Multiple Products Directory Traversal                             | –
Linksys  | Belkin Linksys E1500/E2500 Remote Command Execution                              | +
Linksys  | Cisco Linksys PlayerPT ActiveX Control Buffer Overflow                           | –
Linksys  | Cisco Linksys PlayerPT ActiveX Control SetSource sURL Argument Buffer Overflow   | –
Synology | Synology DiskStation Manager SLICEUPLOAD Code Execution                          | –
Linux    | Linux System Files Information Disclosure                                        | +

If you have one of those devices, check to see if there are any recent updates for it. If you don't have any recent updates for the device, you may want to consider taking a hammer to it.

As a general rule, anything that you have that is attached to the internet should be regularly checked to be sure that it is up to date and secure. Anything whose last update is over 1-2 years old can be a security risk to both your network and the internet in general. That device is running an operating system, more than likely a Linux/Unix variant, and just like your home computer it can get compromised due to old software running on it and security holes being found and taken advantage of.