Mirai-style IoT botnet is now scanning for router-pwning critical vuln in Realtek kit
A denial-of-service vulnerability affecting SDKs for Realtek chipsets used in 65 vendors' IoT devices has been incorporated into a son-of-Mirai botnet, according to new research.
Warning that the vuln had been included in Dark.IoT's botnet "less than a week" after it was publicly disclosed, Radware said: "This vulnerability was recently disclosed by IoT Inspectors Research Lab on August 16th and impacts IoT devices manufactured by 65 vendors relying on the Realtek chipsets and SDK."
The critical vuln, rated 9.8 on the CVSS scale, consists of multiple routes to cause buffer overflows in the web management interface provided by Realtek in its Jungle SDK for its router chipset.
Nicknamed Dark.IoT by Radware, the Mirai variant's operators had been reported upon by Palo Alto Networks and by Juniper Threat Labs earlier this year, with Juniper warning that a two-day-old vuln had been deployed into Dark.IoT's software nasty.
The latest incorporation of the DoS vuln into the botnet relies on a path traversal vulnerability combined with a configuration file injection.
Sectigo CTO Jason Soroko recently told El Reg that the Mozi IoT botnet, a P2P network which, like Dark.IoT, targets consumer IoT devices, targets an inherent and long-standing problem with consumer routers: it is not easy for non-technical users to flash new firmware onto them.