New Mirai Variant Leverages 10 Vulnerabilities to Hijack IoT Devices
Over the past month, a variant of the Mirai botnet was observed targeting new security vulnerabilities within hours after they had been disclosed publicly, researchers with Palo Alto Networks reveal.
What makes the variant tracked by Palo Alto Networks stand out from the crowd is that, within a four-week timeframe, it started exploiting several vulnerabilities that were disclosed this year.
On February 23, the Mirai variant was observed targeting CVE-2021-27561 and CVE-2021-27562, two vulnerabilities in the Yealink DM platform that had been disclosed the very same day.
In September 2020, Netgear published an advisory for this vulnerability, advising customers to update the firmware on their devices.
Other vulnerabilities being exploited in these attacks include a SonicWall SSL-VPN bug referred to as VisualDoor, CVE-2020-25506, CVE-2020-26919, and CVE-2019-19356.
"The attacks are still ongoing at the time of this writing. Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection behaviors such as downloading and executing Mirai variants and brute-forcers," Palo Alto Networks reveals.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-15 | CVE-2021-27561 | OS Command Injection vulnerability in Yealink Device Management 3.6.0.20. Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication. | 9.8 |
2021-05-25 | CVE-2021-27562 | Out-of-bounds Write vulnerability in ARM Trusted Firmware M. In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode. | 5.5 |
2021-02-02 | CVE-2020-25506 | OS Command Injection vulnerability in Dlink Dns-320 Firmware 2.06B01. D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution. | 9.8 |
2020-10-09 | CVE-2020-26919 | Unspecified vulnerability in Netgear Jgs516Pe Firmware 2.6.0.35. NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level. | 9.8 |
2020-02-07 | CVE-2019-19356 | OS Command Injection vulnerability in Netis-Systems Wf2419 Firmware 1.2.31805/2.2.36123. Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. | 7.5 |