Security News > 2020 > March > New Mirai Variant Delivered to Zyxel NAS Devices Via Recently Patched Flaw
A new variant of the notorious Mirai malware has been delivered by cybercriminals to network-attached storage devices made by Zyxel through the exploitation of a recently patched vulnerability.
Zyxel informed customers last month that some of its NAS devices and firewalls are affected by a critical vulnerability - tracked as CVE-2020-9054 - that can be exploited by a remote, unauthenticated attacker to execute arbitrary code on affected devices.
Researchers at Palo Alto Networks first spotted attacks involving the Zyxel device vulnerability on March 12.
The cybersecurity firm says malicious hackers have been exploiting the weakness to deliver a Mirai variant named Mukashi.
The attackers have exploited the Zyxel vulnerability to execute code and download the malware to NAS devices.
News URL
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-04 | CVE-2020-9054 | OS Command Injection vulnerability in Zyxel products Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. | 10.0 |