Zyxel NAS, firewalls and LILIN DVRs and IP cameras conscripted into IoT botnets
2020-03-23 11:56

A wide variety of Zyxel and LILIN IoT devices are being conscripted into several botnets, researchers have warned.

Users are advised to implement the provided firmware updates to plug the security holes exploited by the botmasters or, if they can't, to stop using the devices altogether or to put them behind network firewalls.

According to Palo Alto Networks' Unit 42, botmasters using a new Mirai strain dubbed Mukashi are exploiting CVE-2020-9054, a pre-authentication command injection flaw, to compromise and "Zombify" network-attached storage devices, firewalls, business VPN firewalls and unified security gateways.

"Owners of NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2 as well as some other ZyXEL devices may not be able to install firmware updates, as these devices are no longer supported," CERT/CC warned.

"Be cautious when updating firmware on affected devices, as the ZyXEL firmware upgrade process both uses an insecure channel for retrieving updates, and the firmware files are only verified by checksum rather than cryptographic signature. For these reasons, any attacker that has control of DNS or IP routing may be able to cause a malicious firmware to be installed on a ZyXEL device."


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/ze0V7aVfAuM/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-04 | CVE-2020-9054 | OS Command Injection vulnerability in Zyxel products (zyxel, CWE-78). Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. | critical, 10.0 (network, low complexity) |

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Zyxel 485 3 123 77 45 248