This is a three-stage attack leveraging three separate issues: a CSRF token recovery vulnerability and the two findings in TWSL2018-003. As a result, any user connected to the router can run OS commands as root on the device without providing any credentials.
TWSL2018-004: Command Injection Vulnerability on D7000, EX6200v2 and Some Routers
Only six products are affected. This vulnerability allows OS commands to be run as root during the short time window when WPS is activated.
How do I know my modem/router is affected?
A router is a computer with CPU, RAM, and storage that can all be accessed. If someone gains administrative access and uploads a custom OS to your router, they can even disable firmware updates and uploads. At this point, your router is now just a plain old infected router.
There are few obvious signs. Things to look for include:
Increased internet traffic – look at your ISP account and see if there are any increases over the usual level. While it's easy to blame the NBN or your ISP, slow internet speeds when they are usually fast are a dead giveaway.
Router acting ‘strangely’. Have you had to reboot the router, has it lost connectivity to the internet, or is it simply not working as you remember it?
Your router lights – especially the internet connection lights – are very active.
Start typing your model number in the search box, then select your model from the drop-down menu as soon as it appears.
If you do not see a drop-down menu, make sure that you entered your model number correctly, or select a product category to browse for your product model.
Under Current Versions, select the download whose title begins with Firmware Version.
Click Release Notes.
Follow the instructions in the firmware release notes to download and install the new firmware.
Then perform good router hygiene:
Change the administrator password – don’t reuse any other password
Change the Wi-Fi login password
Look at the connected devices (if you have access to the administration interface) and block any unknown ones.
Use MAC address filtering to allow only known MAC addresses to access it
Turn off the Guest Network (unless you need it)
Make sure firewall settings (if applicable) are enabled
Turn off UPnP (it should not affect the home network unless you have a network storage device that uses it).
Install network-based security – devices like Trend Micro Home Network Security offer hardware and software protection to all devices on the network, and Fingbox can help prevent unwanted intrusions.
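
For the "look at the connected devices" and MAC filtering steps above, here is an added example (not part of the original article) that compares the devices a Linux computer on the home network has seen with a list of known MAC addresses. It assumes the input is the output of `ip neigh show`; the sample output and the allowlist below are constructed.

```python
import re

# Constructed sample of `ip neigh show` output from a Linux host on the LAN.
SAMPLE_NEIGH = """\
192.168.1.1 dev wlan0 lladdr a0:04:60:11:22:33 REACHABLE
192.168.1.23 dev wlan0 lladdr 3C:5A:B4:0A:0B:0C STALE
192.168.1.57 dev wlan0 lladdr 9e:12:34:56:78:9a DELAY
192.168.1.80 dev wlan0 lladdr 00:1d:c9:aa:bb:cc STALE
192.168.1.99 dev wlan0  FAILED
"""

# Constructed allowlist, written in the mixed formats people note MACs down in.
KNOWN = {"A0-04-60-11-22-33": "router", "3c:5a:b4:0a:0b:0c": "laptop"}

def normalize(mac):
    """Return the MAC as 12 lowercase hex digits, or None if malformed."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    return digits if len(digits) == 12 else None

def is_randomized(mac):
    """True if the locally-administered bit is set, as in private/random MACs."""
    norm = normalize(mac)
    return norm is not None and bool(int(norm[:2], 16) & 0x02)

def parse_neighbors(text):
    """Yield (ip, mac) for entries that resolved to a hardware address."""
    for line in text.splitlines():
        parts = line.split()
        if "lladdr" in parts[:-1] and parts[-1] not in ("FAILED", "INCOMPLETE"):
            yield parts[0], parts[parts.index("lladdr") + 1]

def unknown_devices(neigh_text, known):
    """Return [(ip, mac, randomized)] for neighbours not on the allowlist."""
    allowed = {normalize(k) for k in known}
    return [(ip, mac.lower(), is_randomized(mac))
            for ip, mac in parse_neighbors(neigh_text)
            if normalize(mac) not in allowed]

if __name__ == "__main__":
    for ip, mac, rnd in unknown_devices(SAMPLE_NEIGH, KNOWN):
        note = " (randomized MAC, may be a known phone or tablet)" if rnd else ""
        print(f"unknown device {ip} {mac}{note}")
```

A device flagged as randomized may be a familiar phone using a private Wi-Fi address, so check it in the router's device list before blocking it.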