Just a new reason for OpenWrt

https://thehackernews.com/2022/06/zuorat-malware-hijacking-home-office.html
Just found another reason to use something like OpenWrt in home routers.

targeting mips? strange approach in 2022
guess they abuse the combo old device + vulnerable kernel

Apart from enthusiasts, the bulk of mass-deployed consumer routers (also keep ISP routers in mind; Broadcom/bcm63xx/bcm53xx might be the first 'early ARM user' in that domain) is probably still mips-based and rarely gets updated (and vendor updates usually don't fix security issues they're not 'threatened' with anyway), nor replaced in any regular cadence (>10 years aren't rare). What's (still) plentiful and cheap, ath79 and mt7621…

afaik anything that has vdsl2+ 35b broadcom is arm based soooo

Correct, but there's still ex-lantiq/ex-intel/MaxLinear (mips 24Kc). Yes, Broadcom is big in ISP-branded cable and xDSL all-in-one devices, but lantiq is still present (e.g. AVM's portfolio; yes, this is mostly German/EU/AU centric - not large enough for Broadcom to bother, but still a larger player).

That sounds like our good old 4/32 openwrt warriors :military_helmet:

Don't forget regular updates to always have the latest and greatest patches! Just because it's running openwrt, it's not automagically immune :bulb:

So it is correct that uclibc-ng is used by OpenWrt and not vulnerable to this attack?

No, all supported versions of OpenWrt for half a decade have been using musl, not uclibc, not uclibc-ng.