CATEGORIES
home News

Linksys Confirms Router-Targeted 'TheMoon' Malware, Promises Firmware Fixes in Weeks Ahead

by Rob WilliamsMonday, February 17, 2014, 01:30 PM EDT

Hot on the heels of a 'TheMoon' exploit proof-of-concept being released, Linksys has both confirmed its existence, and also offers up some initial guidance.

'TheMoon' is a self-replicating piece of malware that targets a wide-range of Linksys routers, all of which can utilize a remote access feature. If this feature is enabled, a vulnerability effectively activates that allows someone to bypass the router's authentication system in order to gain access to its admin panel. On the flipside, if this feature is disabled (its official name is "Remote Management Access"), then this vulnerability simply won't exist.

Linksys itself hasn't prepared a list of affected models (yet), outside of stating that it involves older E and N routers, but an exploit writer who looked into official TheMoon files extracted this list:

E4200, E3200, E3000, E2500, E2100L, E2000, E1550, E1500, E1200, E1000, E900, E300, WAG320N, WAP300N, WAP610N, WES610N, WET610N, WRT610N, WRT600N, WRT400N, WRT320N, WRT160N and WRT150N

It's important to note that the above list might not be complete, and it might also include models which are not affected. Still, if you happen to use any aging Linksys router and have made use of the remote access feature, TheMoon is worth being cautious about.

Linksys has stated that firmware updates for all affected products is in the works, although it will be a couple of weeks before they hit its support site.

Addendum: Belkin has reached out to us to provide an official statement:

Linksys is aware of the malware called “The Moon” that has affected select older Linksys E-Series routers and select older Wireless-N access points and routers. The exploit to bypass the admin authentication used by the worm only works when the Remote Management Access feature is enabled. Linksys ships these products with the Remote Management Access feature turned off by default. Customers who have not enabled the Remote Management Access feature are not susceptible to this specific malware. Customers who have enabled the Remote Management Access feature can prevent further vulnerability to their network, by disabling the Remote Management Access feature and rebooting their router to remove the installed malware. Linksys will be working on the affected products with a firmware fix that is planned to be posted on our website in the coming weeks.
Tags:  Malware, Router, Enterprise, Networking, Linksys, Belkin
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment