[conexions]

I would just like to point out that, for all the talk of routers being vunerable, routers in general use busybox, which in turn uses ash shell as the default shell. Most routers will not be vunerable unless bash was explicitly installed.

https://forum.openwrt.org/viewtopic.php?id=52937

[buro9]

Whilst this is true, many NAS boxes do remain vulnerable and tend to have features that encourage users to make them world accessible (such as media servers).

I was tracking the changelog for the QNAP one that I use and was pleased to see that they didn't take too long to patch it: http://www.qnap.com/i/en/product_x_down/firmware_log.php?kw=...

[peterwwillis]

That's just openwrt. Other than VxWorks or QNX based hardware, a ton of network-connected devices ship with bash. Some even use it for their web interface backend.

Your office printers are probably vulnerable to this bug. So are medical devices, SANs, network switches, IP phones, cars, SCADA systems ... you name the device, I can probably name a vendor that ships bash on it. Here are the Cisco and Juniper devices affected: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10... http://tools.cisco.com/security/center/content/CiscoSecurity...

[smutticus]

Not only that. But if you're going to make a web interface available externally you're kinda asking for it. Whether it's Shellshock or not, you shouldn't let anyone but admins see admin interfaces. Restrict SSH and web access as much as possible.