
New Mirai Variant Leverages 10 Vulnerabilities to Hijack IoT Devices
2021-03-17 13:54

Over the past month, a variant of the Mirai botnet was observed targeting new security vulnerabilities within hours after they had been disclosed publicly, researchers with Palo Alto Networks reveal.

What makes the variant tracked by Palo Alto Networks stand out in the crowd is the fact that, within a four-week timeframe, it started exploiting several vulnerabilities that have been disclosed this year.

On February 23, the Mirai variant was observed targeting CVE-2021-27561 and CVE-2021-27562, two vulnerabilities in the Yealink DM platform that had been disclosed the very same day.

In September 2020, Netgear had already published an advisory for this vulnerability, advising customers to update the firmware on their devices.

Other vulnerabilities being exploited in these attacks include a SonicWall SSL-VPN bug referred to as VisualDoor, CVE-2020-25506, CVE-2020-26919, and CVE-2019-19356.

"The attacks are still ongoing at the time of this writing. Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection behaviors such as downloading and executing Mirai variants and brute-forcers," Palo Alto Networks reveals.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/7c32BU7TDxs/new-mirai-variant-leverages-10-vulnerabilities-hijack-iot-devices

Related Vulnerability

DATE        CVE             VULNERABILITY TITLE / RISK

2021-10-15  CVE-2021-27561  OS Command Injection vulnerability in Yealink Device Management 3.6.0.20
            Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.
            Risk: network attack vector, low complexity, vendor yealink, CWE-78, critical, CVSS 9.8

2021-05-25  CVE-2021-27562  Out-of-bounds Write vulnerability in ARM Trusted Firmware M
            In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode.
            Risk: local attack vector, low complexity, vendor arm, CWE-787, CVSS 4.9

2021-02-02  CVE-2020-25506  Command Injection vulnerability in Dlink Dns-320 Firmware 2.06B01
            D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution.
            Risk: network attack vector, low complexity, vendor dlink, CWE-77, CVSS 7.5

2020-10-09  CVE-2020-26919  Unspecified vulnerability in Netgear Jgs516Pe Firmware 2.6.0.35
            NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level.
            Risk: network attack vector, low complexity, vendor netgear, CVSS 7.5

2020-02-07  CVE-2019-19356  OS Command Injection vulnerability in Netis-Systems Wf2419 Firmware 1.2.31805/2.2.36123
            Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page.
            Risk: CVSS 8.5