Chinese-made routers, sold on Amazon and eBay, contain hidden backdoor and are being exploited by Mirai malware and other methods

CyberNews.com’s Investigations team today announced that they have identified hidden backdoors in Chinese-manufactured routers that share common firmware, with evidence that the routers are being exploited by the Mirai malware. In a collaboration between CyberNews.com Senior Information Security Researcher Mantas Sasnauskas and researchers James Clee and Roni Carta, the team found that routers sold by Amazon, eBay and Walmart are all affected, and vulnerabilities are already being exploited.

The two brands identified are, Wavlink routers that are available on eBay and also highlighted as an Amazon Choice Router, and Jetstream routers which are sold exclusively at Walmart. 

These critical vulnerabilities allow attackers to remotely control the routers as well as any device connected to that network and monitor all the traffic coming through that router. It's akin to constant surveillance on your personal network, with someone watching all your activity and stealing all your information. Additionally, the Wavlink routers contain a script that lists nearby wifi and has the capability to compromise those networks.

CyberNews has already detected multiple malicious attempts from a Chinese IP address, which is trying to upload and execute a harmful script on the routers. After investigating the suspicious file, the investigation team has identified that is part of the infamous Mirai botnet.

The Mirai botnet has been responsible for multiple major attacks, including a large-scale DDoS attack in 2016 that left much of the internet inaccessible on the US East coast.

“After my initial findings on the first router I purchased, I bought two more repeaters off Amazon,” said Clee. “Although they are very different physically and slightly different technically, all three had almost the exact same exploit chain. It's hard to make sweeping, definitive statements, but given that all three had the same flaws I’d suspect that many more Wavlink devices are the same.”

When CyberNews.com attempted to find information on the companies behind these routers, it appears that both Jetstream and Wavlink are subsidiaries of a Shenzhen-based company known as Winstars Technology Ltd, which reportedly exports 1-2M pieces per month.

To date, none of the retailers or manufacturers involved have responded to the findings.

Researchers Clee and Carta are in agreement that the backdoors found are intentional. “This is not a mistake,” Carta asserts. “Someone had to take the decision to make the password client-side. A human conceived this code knowing that this would be accessible from an unauthenticated user. Now, the question is why?”

“The fact that there’s a GUI for RCE, and the fact that a page was established to validate a password outside of the existing authentication mechanisms, leads me to believe that neither were an accident, Clee said.”

Mantas Sasnauskas, a Senior Researcher on CyberNews.com’s Investigations team, said “We are working hard to see if we can identify any active exploitation, as the investigation has revealed the vulnerabilities of these routers are being exploited by the Mirai malware. Such vulnerabilities in Chinese hardware or software can’t be discussed without acknowledging the Chinese government’s position on national and international surveillance.

Chinese data retention laws force Chinese companies, or companies operating in China, to keep data on servers located inside the country – and to provide practically unrestricted access to that data to law enforcement. This includes even encrypted data, with the Chinese government requiring access to decryption keys.” He continued, “This type of undocumented backdoor access is a major reason that the United States, Germany, and other governments around the world banned Huawei when they found that the Chinese company could secretly access sensitive information for devices that it sold.”

Existing customers are advised to stop using Jetstream and Wavlink routers, temporarily shut down the network, clean computers, and reset computer passwords and logins for online accounts to protect themselves, their families and their neighbors.

Featured

  • Maximizing Your Security Budget This Year

    7 Ways You Can Secure a High-Traffic Commercial Security Gate  

    Your commercial security gate is one of your most powerful tools to keep thieves off your property. Without a security gate, your commercial perimeter security plan is all for nothing. Read Now

  • Survey: Only 13 Percent of Research Institutions Are Prepared for AI

    A new survey commissioned by SHI International and Dell Technologies underscores the transformative potential of artificial intelligence (AI) while exposing significant gaps in preparedness at many research institutions. Read Now

  • Survey: 70 Percent of Organizations Have Established Dedicated SaaS Security Teams

    Seventy percent of organizations have prioritized investment in SaaS security, establishing dedicated SaaS security teams, despite economic uncertainty and workforce reductions. This was a key finding in the fourth Annual SaaS Security Survey Report: 2025 CISO Plans and Priorities released today by the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment. Read Now

  • Mobile Applications Are Empowering Security Personnel

    From real-time surveillance and access control management to remote monitoring and communications, a new generation of mobile applications is empowering security personnel to protect people and places. Mobile applications for physical security systems are emerging as indispensable tools to enhance safety. They also offer many features that are reshaping how modern security professionals approach their work. Read Now

Featured Cybersecurity

Webinars

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3