Security News > 2023 > March > Realtek and Cacti flaws now actively exploited by malware botnets
2023-03-30 18:44
Multiple malware botnets actively target Cacti and Realtek vulnerabilities in campaigns detected between January and March 2023, spreading ShellBot and Moobot malware.
The targeted flaws are CVE-2021-35394, a critical remote code execution vulnerability in Realtek Jungle SDK, and CVE-2022-46169, a critical command injection flaw in the Cacti fault management monitoring tool.
Both flaws have been exploited by other botnet malware in the past, including Fodcha, RedGoBot, Mirai, Gafgyt, and Mozi.
Fortinet captured three malware variants, indicating that it is being actively developed.
New Mirai malware variant infects Linux devices to build DDoS botnet.
New HeadCrab malware infects 1,200 Redis servers to mine Monero.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-05 | CVE-2022-46169 | Incorrect Authorization vulnerability in Cacti Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. | 9.8 |
| 2021-08-16 | CVE-2021-35394 | Unspecified vulnerability in Realtek Jungle SDK Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. | 9.8 |