That original research only looked at one Wavlink router. This is the extended research with the help of two other researchers. And of course the attempted exploit from a malicious IP address which was detected only recently
I don't really like the way cybernews [0] is pushing the malicious narrative. There's a fairly large gap from "there is a security exploit being used in the wild" to "this exploit was intentional." This seems much more like the software equivalent of Chinesium.
This really reeks of corner-cutting and negligence. The only way around corner-cutting is to make it expensive and make "doing it right" the cheapest, most profitable way to build something. We can do that with hefty fines for retailers selling this garbage (I think there needs to be more onus on domestic businesses shoveling shit without smelling it first) and creating open hardware/software stacks that are easy to put in a box and sell for $20 on Amazon without hiring any software developers that could screw it up.
All the (three?) articles about this gloss over whether/how this is remotely exploitable or whether you need to be on the local network. This would seem to be evidence that it is:
> Basically, the first IP address you see there – 222.141.xx.xxx, which comes from China – was trying to upload a malicious file on the router using the vulnerabilities.
Since when does a router respond to the whole world on port 80 by default?
13 comments
[ 3.2 ms ] story [ 52.3 ms ] threadhttps://news.ycombinator.com/item?id=25186843
This really reeks of corner-cutting and negligence. The only way around corner-cutting is to make it expensive and make "doing it right" the cheapest, most profitable way to build something. We can do that with hefty fines for retailers selling this garbage (I think there needs to be more onus on domestic businesses shoveling shit without smelling it first) and creating open hardware/software stacks that are easy to put in a box and sell for $20 on Amazon without hiring any software developers that could screw it up.
[0] https://cybernews.com/security/walmart-exclusive-routers-oth...
> Basically, the first IP address you see there – 222.141.xx.xxx, which comes from China – was trying to upload a malicious file on the router using the vulnerabilities.
Since when does a router respond to the whole world on port 80 by default?