A Vulnerability has been Discovered that Endangers Hundreds of Thousands of IoT Devices
Information security specialists at the Australian company Elttam have found a way to remotely run malicious code on IoT devices that use the small GoAhead web server.
The researchers have tested GoAhead only as far as version 2.5.0, but all versions prior to 3.6.5 are suspected to be vulnerable. Elttam posted technical details of the vulnerability, CVE-2017-17562, on its blog.
Elttam reported the flaw to Embedthis, the company that owns GoAhead, and a patch came out soon afterwards. Manufacturers must now install it on the affected equipment. That will take months, if not years, and some devices will not receive an update because their service life has expired.
The Shodan service shows 500 to 700 thousand devices running the GoAhead server. Elttam also published test code on its blog that other experts can use to check whether a device is vulnerable to CVE-2017-17562.