April 20, 2020 By Tara Seals
Researchers saw several IoT botnets using one of the bugs in the wild after a proof-of-concept was published in March.
The Mootbot botnet has been using a pair of zero-day exploits to compromise multiple types of fiber routers. According to researchers, other botnets have attempted to do the same, but have so far failed.
According to researchers at NetLab 360, the operators of the Mootbot botnet in late February started to exploit a zero-day bug found in nine different types of fiber routers used to provide internet access and Wi-Fi to homes and businesses (including the Netlink GPON router). The flaw is a remote code-execution bug with a public proof-of-concept (PoC) exploit – but for it to be used successfully to compromise a target router, it must be paired with a second vulnerability.