I am running pfSense 2.0 on my gateway box with Snort (intrusion detection). Well, Snort is picking up some traffic coming from my WDTVLive Hub every ten minutes that is being flagged as a Metasploit Meterpreter shell (meaning the Hub has been hacked). The host it is trying to connect to belongs to Akamai (22.214.171.124) and the destination port is 443 (HTTPS).
I saw on exploitdb that someone posted a paper on how to gain unauthorized root privileges on WDTVLive Hubs. Just wanted to check here to see if there is legitimate HTTPS traffic that my Hub should be attempting every 10 minutes, which means my IDS/IPS is throwing false positives, or if my Hub has been pwned.
Also, do we know if the security issues in this paper have been addressed (2 firmwares since paper written)?