The vulnerability has been known for almost a year, but many users haven't applied the patches
The Ubiquiti Networks AirRouter
Routers and other wireless devices made by Ubiquiti Networks have recently been infected by a worm that exploits a year-old remote unauthorized access vulnerability.
"This is an HTTP/HTTPS exploit that doesn't require authentication," Ubiquiti said in an advisory.
"Simply having a radio on outdated firmware and having its http/https interface exposed to the Internet is enough to get infected."
The vulnerability was reported privately to Ubiquiti last year through a bug bounty program and was patched in airMAX v5.6.2, airMAX AC v7.1.3, airOS 802.11G v4.0.4, TOUGHSwitch v1.3.2, airGateway v1.1.5, airFiber AF24/AF24HD 2.2.1, AF5x 184.108.40.206 and AF5 2.2.1.
Ubiquiti Networks has also created a Java-based application that can automatically remove the infection from affected devices.
It can be used on Windows, Linux and OS X.
Router security is particularly bad in the consumer market, where large numbers of routers can remain vulnerable to known vulnerabilities for years and can be compromised en masse to create distributed denial-of-service DDoS botnets or to launch man-in-the-middle attacks against their users.