• KidOPM
    link
    fedilink
    English
    arrow-up
    10
    ·
    8 months ago

    In this particular case, the method of infection of the router was not disclosed. However, typically, the most common methods involve an open administration port to the internet (user interface or TR-069) or through the internal interface, in case a network host has been compromised.

    They often perform brute-force password attacks, and once access is obtained, they look for typical Linux administrative tools (such as bash, etc.) and proceed to compromise the router.

    So I understand that a router with custom firmware can be compromised if it has a weak password and resources to maintain the infection, or of course, a vulnerability that is exploitable.