Saw this http request in the logs, what could it mean? It appears that in April 2014 there was a Linksys router vulnerability. The web admin page on routers provides the hndUnblock.cgi page to administrate. This page could be accessed by and attacker it apparently contains an OS command injection vulnerability that allows execution of commands against the router. So this attacker is simply running an automated linux script that calls the wget command and is looking to see if the vulnerable hndUnblock.cgi page exists.
More about neonprimetime
Top Blogs of all-time
- pagerank botnet sql injection walk-thru
- DOM XSS 101 Walk-Through
- An Invoice email and a Hot mess of Java
Top Github Contributions
Copyright © 2016, this post cannot be reproduced or retransmitted in any form without reference to the original post.