SANS has provided additional details on a worm called Moon, which was observed spreading between Linksys devices last week. According to research, it’s been suggested that the exploited vulnerability is part of HNAP. The exploit code needed to replicate the attack conducted by the ‘Moon’ worm has been published online to exploit-db.com. While functional, the exploit code currently works over LAN. According to Cisco, if the web guide user interface of the router “is configured to only use HTTPS””]
Source: https://www.csoonline.com/article/2137020/moon-worm-likely-targets-hnap-says-sans.html