As far as I know OpenWRT is not affected if you don't have any open port (telnet/ssh....)?
"It's targeting any Unix-like system with default login credentials,"
Sounds like natural selection, if your IoT devices still have the default password and you have telnet open to the internet
It sounds like a joke, but, if more than 2000 devices have been affected by Silex, something is very wrong in security (in general terms).
I was being snarky, but yes, security is a known issue with IoT (the S stands for Security). Millions of devices with the same default password, blindly stuck on networks by people who know no better. And, worse, devices with undocumented backdoor admin accounts with passwords that can't be changed.
I'd rephrase that
It sounds like a joke if only 2,000 devices have been affected
California (US state), at least, has banned sale of devices with default passwords starting next year. See, for example https://www.bbc.com/news/technology-45757528
That link references what a "real" IoT virus can do
An attack by malware known as VPNFilter is currently targeting home routers and is believed to have infected more than 500,000 devices.
As sysadmin the firts thing to do when you receive a new device is change default user/password, if you don't do that, the problem is not IoT or Silex, the problem is you don't take care of your devices and security.
Those are the key words -- most people who own Internet-connected devices aren't sysadmins, nor will they ever be. They are "appliance operators".
As and end-user, the last thing you know is that the shiny device you just bought can be remotely accessed, has a port open to the whole world, was configured with a default password, or what any of this means.
I agree with you @eduperez but, in my opinion hardware manufacturers should take care of it, the shame is on the manufacturers not the final home users.