Security News > 2025 > January > New Aquabotv3 botnet malware targets Mitel command injection flaw

New Aquabotv3 botnet malware targets Mitel command injection flaw

2025-01-30 00:55

A new variant of the Mirai-based botnet malware Aquabot has been observed actively exploiting CVE-2024-41710, a command injection vulnerability in Mitel SIP phones. [...]

News URL

https://www.bleepingcomputer.com/news/security/new-aquabotv3-botnet-malware-targets-mitel-command-injection-flaw/

#botnet #commandinjection #malware #mitel #CVE-2024-41710

Related news

BadBox malware botnet infects 192,000 Android devices despite disruption (source)
Malware botnets exploit outdated D-Link routers in recent attacks (source)
MikroTik botnet uses misconfigured SPF DNS records to spread malware (source)
Why is my Mitel phone DDoSing strangers? Oh, it was roped into a new Mirai botnet (source)
New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks (source)

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2024-08-12	CVE-2024-41710	A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process.	0.0

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Mitel		60	3	51	27	30	111

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.