it makes it simple for attackers to find devices to take over and add to botnets.
A vulnerability in some Huawei routers used for carrier ISP services allows cybercriminals to identify whether the devices have default credentials or not – without ever connecting to them.
CVE-2018-7900 exists in the router panel and allows credentials information to leak – so attackers can simply perform a
ZoomEye or Shodan IoT search to find list of the devices having default passwords – no need for bruteforcing or running the risk of running into a generic honeypot.
Botnet hacks 9,000+ ASUS routers to add persistent SSH backdoor
