Tenda Router Zero-Days Emerge in Spyware Botnet Campaign
Two former Tenda router zero-days are anchoring the spread of a Mirai-based botnet called Ttint.
On the RAT front, researchers said that Ttint implements 12 remote access functions that combine with custom command-and-control server commands to carry out tasks such as setting up a Socket5 proxy for router devices, tampering with router DNS, setting iptables and executing custom system commands.
In late August, a second critical Tenda router vulnerability emerged in the campaign.
The bug exists because the goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter, according to the CVE description.
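One way to hunt for requests against the endpoint described above, as an added example that is not from the original article or the researchers. It assumes a proxy or WAF log that records request bodies in a constructed tab-separated format, and an allowlist of characters for legitimate `deviceName` values; both are assumptions, as are the function names.

```python
import re
from urllib.parse import parse_qs, urlsplit

TARGET = "/goform/setUsbUnload"   # endpoint named in the CVE description
PARAM = "deviceName"              # parameter named in the CVE description
# Assumption: legitimate device names are short and use only these characters.
SAFE_VALUE = re.compile(r"[A-Za-z0-9 _.\-]{1,64}")


def is_suspicious(method, url, body):
    """True for a request to the endpoint whose deviceName is not allowlisted."""
    parts = urlsplit(url)
    if parts.path != TARGET and not parts.path.startswith(TARGET + "/"):
        return False
    # The page describes a POST parameter; the query string is also
    # checked here as a defensive assumption.
    params = parse_qs(parts.query)
    if method.upper() == "POST":
        for key, vals in parse_qs(body).items():
            params.setdefault(key, []).extend(vals)
    # parse_qs has already URL-decoded the values, so encoded
    # metacharacters are compared in their decoded form.
    return any(not SAFE_VALUE.fullmatch(v) for v in params.get(PARAM, []))


def scan(lines):
    """Parse 'src<TAB>method<TAB>url<TAB>body' records; return flagged sources."""
    hits = []
    for line in lines:
        fields = line.rstrip("\n").split("\t")
        if len(fields) != 4:
            continue  # skip malformed records rather than crash
        src, method, url, body = fields
        if is_suspicious(method, url, body):
            hits.append(src)
    return hits


# Constructed sample records (documentation IP ranges, placeholder payload).
SAMPLE = [
    "192.0.2.10\tPOST\t/goform/setUsbUnload\tdeviceName=USB+Disk_1",
    "198.51.100.7\tPOST\t/goform/setUsbUnload\tdeviceName=usb1%3BPLACEHOLDER",
    "203.0.113.5\tGET\t/index.html\t",
]

if __name__ == "__main__":
    for src in scan(SAMPLE):
        print("suspicious deviceName from", src)
```

A router management interface should not be reachable from the internet in the first place, so any hit from an external source address is worth triage regardless of the parameter value.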
"On August 28, 2020, we reported the details of the second 0-day vulnerability and the PoC to the router manufacturer Tenda via email, but the manufacturer has not yet responded," researchers said.
News URL
https://threatpost.com/tenda-router-zero-days-spyware-botnet/159834/