The router is a fundamental piece for our connections. If you have a problem, a security flaw, everything can go wrong. Therefore, when an important vulnerability appears it is advisable to try to find the solution as soon as possible. In this article we echo two zero-day vulnerabilities that affect Tenda routers . They allow you to exploit them and create a botnet called Ttint.
Two security flaws affect Tenda routers
Ttint is a new botnet that also has RAT functions, so they could compromise the security of users remotely. It is not something that is usually present in botnets of this type.
According to the security researchers we echo, for almost a year they have been using zero-day vulnerabilities in Tenda routers to install malware and create a botnet to attack Internet of Things devices.
The Ttint botnet was investigated for the first time a few days ago in a report published by Netlab. It has important differences from other botnets previously detected.
Not only did it infect devices to perform DDoS attacks, but it also implemented 12 different methods of remote access to infected routers, used them as proxies to bypass traffic, tampered with the router’s firewall and DNS settings, as well as empowered attackers to run remote commands on infected computers.
This botnet has taken advantage of two zero-day vulnerabilities present in the unpatched Tenda routers. The first bug was logged as CVE-2020-10987. It was not corrected and only a few weeks later they exploited a second bug that Netlab did not show information for fear that other botnets would also start using it. Tenda did not correct this second error either.
From Netlab they indicated that any Tenda router that runs a firmware version between AC9 and AC18 should be considered vulnerable. Since Ttint has been seen to alter DNS settings on infected routers, it will most likely redirect users to malicious sites, so using one of these devices is not recommended.
Tenda router users who want to know if they are using vulnerable equipment can find firmware version information in the routers admin panel.
Ttint is based on Mirai
The Ttint botnet , as security researchers point out, is based on Mirai. As we know, the latter is one of the most popular and has been very present in recent times.
However he has created a more complex version of Mirai. It has acquired a few different botnets to create a more comprehensive one, therefore more dangerous for the victims who are affected by this problem.
Ultimately, Tenda routers can be vulnerable to two major security flaws. On many occasions we can see these types of problems, so the most important thing is to have the latest patches available as long as those responsible release them.