Realtek and Cacti flaws now actively exploited by malware botnets
2023-03-30 18:44

Multiple malware botnets actively target Cacti and Realtek vulnerabilities in campaigns detected between January and March 2023, spreading ShellBot and Moobot malware.

The targeted flaws are CVE-2021-35394, a critical remote code execution vulnerability in Realtek Jungle SDK, and CVE-2022-46169, a critical command injection flaw in the Cacti fault management monitoring tool.

Both flaws have been exploited by other botnet malware in the past, including Fodcha, RedGoBot, Mirai, Gafgyt, and Mozi.

Fortinet captured three malware variants, indicating that the malware is being actively developed.



News URL

https://www.bleepingcomputer.com/news/security/realtek-and-cacti-flaws-now-actively-exploited-by-malware-botnets/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2022-12-05 | CVE-2022-46169 | Incorrect Authorization vulnerability in Cacti. Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. | network, low complexity, cacti, CWE-863, critical, 9.8
2021-08-16 | CVE-2021-35394 | Unspecified vulnerability in Realtek Jungle SDK. Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. | network, low complexity, realtek, critical, 9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cacti 2 16 56 36 6 114
Realtek 40 3 16 35 6 60