Security News > 2020 > March > Zyxel Flaw Powers New Mirai IoT Botnet Strain

Zyxel Flaw Powers New Mirai IoT Botnet Strain
2020-03-20 14:46

In February, hardware maker Zyxel fixed a zero-day vulnerability in its routers and VPN firewall products after KrebsOnSecurity told the company the flaw was being abused by attackers to break into devices.

Security experts at Palo Alto Networks said Thursday their sensors detected the new Mirai variant - dubbed Mukashi - on Mar. 12.

The new Mirai strain targets CVE-2020-9054, a critical flaw that exists in many VPN firewalls and network attached storage devices made by Taiwanese vendor Zyxel Communication Corp., which boasts some 100 million devices deployed worldwide.

Like other Mirai variants, Mukashi constantly scans the Internet for vulnerable IoT devices like security cameras and digital video recorders, looking for a range of machines protected only by factory-default credentials or commonly-picked passwords.

Zyxel issued a patch for the flaw on Feb. 24, but the update did not fix the problem on many older Zyxel devices which are no longer being supported by the company.


News URL

https://krebsonsecurity.com/2020/03/zxyel-flaw-powers-new-mirai-iot-botnet-strain/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-03-04 CVE-2020-9054 OS Command Injection vulnerability in Zyxel products
Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device.
network
low complexity
zyxel CWE-78
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Zyxel 378 0 69 85 46 200