Intel Name: New Rust botnet “RustoBot” is routed via routers
Date of Scan: April 22, 2025
Impact: High
Summary: A newly identified botnet called RustoBot, written in Rust (a programming language known for its speed and security), is spreading through TOTOLINK routers. RustoBot exploits command injection vulnerabilities in the cstecgi.cgi script, including CVE-2022-26210 and CVE-2022-26187, to achieve remote code execution. Additionally, attackers exploited CVE-2024-12987, an OS command injection flaw in DrayTek devices. These attacks, observed in Japan, Taiwan, Vietnam, and Mexico, primarily targeted the technology sector.