Intrusion Prevention

Linksys.Eseries.Router.Remote.Command.Execution

Description

This indicates an attack attempt to exploit a remote Code Execution Vulnerability in Linksys E-series Router.
It is exploited by TheMoon worm.
The vulnerability is due to a error in failing to properly sanitized user input from a HTTP request. A remote attacker could exploit this to execute arbitrary code execution within the context of the application, via a crafted HTTP request.

Affected Products

Linksys E4200
Linksys E3200
Linksys E3000
Linksys E2500
Linksys E2100L
Linksys E2000
Linksys E1550
Linksys E1500
Linksys E1200
Linksys E1000
Linksys E900
Linksys E300
Linksys WAG320N
Linksys WAP300N
Linksys WAP610N
Linksys WES610N
Linksys WET610N
Linksys WRT610N
Linksys WRT600N
Linksys WRT400N
Linksys WRT320N
Linksys WRT160N
Linksys WRT150N

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Currently we are unaware of any vendor supplied patch for this issue.