During our research, we found a 0-day remote code execution vulnerability (CVE-2017-17215) in the Huawei HG532 home router. The vulnerability allows remote users to execute arbitrary commands by injecting shell meta-characters into two elements (NewStatusURL, NewDownloadURL) of a POST request sent to upgrade the device’s firmware. We have found hundreds of thousands of attempts in the wild to exploit it. Our investigation led us to the threat actor, Kenneth Schuchman, a 20-year-old guy from Washington operating under the nickname ‘Nexus Zeta’. Although not regarded as a highly professional hacker, he managed to succeed, and we have found hundreds of thousands of attempts in the wild to exploit it. Following our research, Nexus Zeta was arrested and indicted on federal computer hacking charges in the US district court.
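A detection-side check for the injection described above, as an added example (not code from the researchers or the vendor): it extracts the two named elements from a captured request body and reports any shell meta-characters in their values. The function name, the meta-character set, and both sample bodies are assumptions constructed for illustration; the check also assumes legitimate upgrade URLs carry no multi-parameter query string, so `&` is flagged.

```python
import html
import re

# The two elements the write-up names as injection points.
FIELD = re.compile(
    r"<(?:[\w.-]+:)?(NewStatusURL|NewDownloadURL)\b[^>]*>(.*?)"
    r"</(?:[\w.-]+:)?\1\s*>",
    re.DOTALL,
)
# Assumed set of characters a POSIX shell treats specially (plus whitespace).
SHELL_META = re.compile(r"[;|&`$()<>\\'\"\s]")

def suspicious_fields(body):
    """Return {element name: sorted meta-characters found in its value}."""
    found = {}
    for match in FIELD.finditer(body):
        name, raw = match.group(1), match.group(2)
        # Decode XML entities first so "&#32;" or "&#59;" cannot hide a character.
        value = html.unescape(raw)
        hits = set(SHELL_META.findall(value))
        if hits:
            found.setdefault(name, set()).update(hits)
    return {name: sorted(chars) for name, chars in found.items()}

# Constructed sample bodies (documentation address 192.0.2.10, harmless values).
BENIGN = (
    '<u:Upgrade xmlns:u="urn:example:constructed">'
    "<NewStatusURL>http://192.0.2.10/status</NewStatusURL>"
    "<NewDownloadURL>http://192.0.2.10/fw.bin</NewDownloadURL>"
    "</u:Upgrade>"
)
INJECTED = (
    '<u:Upgrade xmlns:u="urn:example:constructed">'
    "<NewStatusURL>$(echo constructed)</NewStatusURL>"
    "<NewDownloadURL>http://192.0.2.10/fw.bin;echo&#32;constructed</NewDownloadURL>"
    "</u:Upgrade>"
)

if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("injected", INJECTED)):
        print(label, suspicious_fields(body))
```

The regular-expression extraction is deliberate: a request that is not well-formed XML still gets inspected, where a strict parser would reject it before the check runs.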
Link to the relevant publication: Huawei Home Routers in Botnet Recruitment https://research.checkpoint.com/good-zero-day-skiddie/
Links to relevant articles:
Satori botnet author in jail again after breaking pretrial release conditions - ZDNet https://www.zdnet.com/article/satori-botnet-author-in-jail-again-after-breaking-pretrial-release-conditions/
Newbie Hacker Fingered for Monster Botnet - The Daily Beast https://www.thedailybeast.com/newbie-hacker-fingered-for-monster-botnet
- SPEAKER Adi Ikan