Researchers at Qihoo 360 have discovered that the Moobot botnet has successfully spread to fiber routers through a zero-day remote code execution vulnerability. In total, nine vendors are affected by the same vulnerability.
Recent zero-day vulnerabilities in IoT devices
Researchers have noticed that over the last 30 days or so, several zero-day vulnerabilities in IoT devices have been exploited by botnets. A zero-day vulnerability in the LILIN DVR was exploited to spread the Chalubo, FBot and Moobot botnets. On February 13, 2020, the vendor fixed the vulnerability and released the latest software version, 2.0b60_20200207. DrayTek routers, as well as various devices, are also affected by zero-day vulnerabilities. On February 10, 2020, the router manufacturer issued a security bulletin that contained fixes for these vulnerabilities and released the latest firmware version, 1.5.1.
Distribution of Moobot Botnet to fiber routers
On February 28, 2020, researchers observed that the Moobot botnet had successfully exploited vulnerabilities to spread to fiber routers, including the Netlink GPON router. The researchers informed CNCERT about the zero-day vulnerabilities that affect many fiber routers. Moobot is a new type of botnet based on Mirai. Apart from Moobot, other botnets such as the Fbot and Gafgyt botnets have failed to spread to fiber routers, because exploiting the zero-day vulnerability takes two steps. The first step involves another vulnerability, and the second uses the PoC available on Exploit-DB. The researchers have not publicly disclosed the first part of the vulnerability.
Vulnerability in the Exploit-DB PoC
Type: remote command execution
Details: The Ping() function in the web server program /bin/boa, when processing the POST request from /boaform/admin/forming, does not check the target_addr parameter before calling the system ping command, thus making command injection possible.
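
The missing check on target_addr, sketched from the defender's side as an added example (not code from the affected firmware, the researchers or the PoC): the parameter is validated as an address or plain hostname and then passed to ping as a single argument, without a shell. The function names valid_ping_target and safe_ping are hypothetical, and the sample inputs are constructed.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Pattern described above, kept as a comment: the parameter reaches a shell.
 *   snprintf(cmd, sizeof cmd, "ping -c 1 %s", target_addr); system(cmd); */

/* Accept only an IPv4/IPv6 literal or a plain hostname (letters, digits, '-', '.'). */
int valid_ping_target(const char *s)
{
    unsigned char buf[16];            /* large enough for an IPv6 address */
    size_t n, i;
    if (s == NULL || (n = strlen(s)) == 0 || n > 253)
        return 0;
    if (inet_pton(AF_INET, s, buf) == 1 || inet_pton(AF_INET6, s, buf) == 1)
        return 1;
    if (s[0] == '-')                  /* would be parsed by ping as an option */
        return 0;
    for (i = 0; i < n; i++)
        if (!isalnum((unsigned char)s[i]) && s[i] != '-' && s[i] != '.')
            return 0;
    return 1;
}

/* Run ping with the target as a single argv element, so no shell parses it.
 * Returns ping's exit status (127 if ping could not be executed), or -1 if
 * the target is rejected or the child could not be started or waited for. */
int safe_ping(const char *target_addr)
{
    int status;
    pid_t pid;
    if (!valid_ping_target(target_addr) || (pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        execlp("ping", "ping", "-c", "1", target_addr, (char *)NULL);
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(int argc, char **argv)
{
    const char *t = argc > 1 ? argv[1] : "192.0.2.1; echo x"; /* constructed sample */
    printf("%s -> %s\n", t, valid_ping_target(t) ? "accepted" : "rejected");
    return 0;
}
```

Either measure alone closes the hole described above: validation rejects shell metacharacters, and the argv-based exec means none would be interpreted even if one got through.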