Tenda Router Zero-Days Emerge in Spyware Botnet Campaign

Two former Tenda router zero-days are anchoring the spread of a Mirai-based botnet called Ttint.
On the RAT front, researchers said that it implements 12 remote access functions that combine with custom command-and-control server commands to carry out tasks like setting up a Socket5 proxy for router devices, tampering with router DNS, setting iptables and executing custom system commands.
In late August, a second critical Tenda router vulnerability emerged in the campaign.
The bug exists because the goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter, according to the CVE description.
"On August 28, 2020, we reported the details of the second 0-day vulnerability and the PoC to the router manufacturer Tenda via email, but the manufacturer has not yet responded," researchers said.
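A detection sketch for the second bug, added here as an example and not taken from the researchers or the vendor: it flags POST requests to the goform/setUsbUnload endpoint whose deviceName value falls outside a conservative allowlist. The allowlist, the hypothetical /goform/otherForm path and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Endpoint and parameter named in the CVE description quoted above.
TARGET_PATH = "/goform/setusbunload"   # compared lower-cased
TARGET_PARAM = "deviceName"
# Assumption: a legitimate USB device name needs only these characters.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_. -]{0,64}")

def form_values(body, name):
    """Return every URL-decoded value of `name` in a form-encoded body."""
    values = []
    for pair in body.strip().split("&"):
        key, _, value = pair.partition("=")
        if unquote_plus(key) == name:
            values.append(unquote_plus(value))
    return values

def is_suspicious(raw_request):
    """True for a POST to the endpoint whose deviceName fails the allowlist."""
    head, _, body = raw_request.partition("\r\n\r\n")
    parts = head.split("\r\n", 1)[0].split(" ")
    if len(parts) < 2 or parts[0].upper() != "POST":
        return False
    # Collapse duplicate slashes and ignore case so path variants still match.
    path = re.sub(r"/+", "/", urlsplit(parts[1]).path).rstrip("/").lower()
    if path != TARGET_PATH:
        return False
    return any(SAFE_VALUE.fullmatch(v) is None
               for v in form_values(body, TARGET_PARAM))

def flag_requests(requests):
    """Indexes of the requests that should be alerted on."""
    return [i for i, r in enumerate(requests) if is_suspicious(r)]

def _req(method, target, body=""):
    # Builds a constructed sample request; 192.0.2.1 is a documentation address.
    return (f"{method} {target} HTTP/1.1\r\nHost: 192.0.2.1\r\n"
            f"Content-Type: application/x-www-form-urlencoded\r\n\r\n{body}")

# Constructed samples, not captured traffic.
SAMPLES = [
    _req("POST", "/goform/setUsbUnload", "deviceName=Kingston_DT-100"),
    _req("POST", "/goform/setUsbUnload", "deviceName=usb1%3Becho+test"),
    _req("POST", "/goform//setUsbUnload/", "x=1&deviceName=usb%0Atest"),
    _req("GET", "/goform/setUsbUnload?deviceName=usb1"),
    _req("POST", "/goform/otherForm", "deviceName=a%7Cb"),  # hypothetical path
]

if __name__ == "__main__":
    print(flag_requests(SAMPLES))
```

The same allowlist check can run in a reverse proxy or IDS rule in front of the management interface; since the vendor had not responded at the time of the report, restricting that interface to trusted networks remains the primary mitigation.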
News URL
https://threatpost.com/tenda-router-zero-days-spyware-botnet/159834/