Mootbot Botnet Targets Fiber Routers with Dual Zero-Days

“More security teams focus on their Patch Tuesday fixes than updating the devices they frequently expose directly to the internet.” Yep…:

The Mootbot botnet has been using a pair of zero-day exploits to compromise multiple types of fiber routers. According to researchers, other botnets have attempted to do the same, but have so far failed.

According to researchers at NetLab 360, in late February the operators of the Mootbot botnet started to exploit a zero-day bug found in nine different types of fiber routers used to provide internet access and Wi-Fi to homes and businesses (including the Netlink GPON router). The flaw is a remote code-execution bug with a public proof-of-concept (PoC) exploit – but to compromise a target router successfully, it must be paired with a second vulnerability.

“It is likely most of the vendors are OEM products of the same original vendor,” the firm explained in a recent posting. However, NetLab 360 said that it would release neither the original vendor’s name nor details of the second bug, because the vendor told the security firm that it didn’t see the bug as viable.


Original article here