Security News > 2025 > January > New Aquabotv3 botnet malware targets Mitel command injection flaw

New Aquabotv3 botnet malware targets Mitel command injection flaw

2025-01-30 00:55

A new variant of the Mirai-based botnet malware Aquabot has been observed actively exploiting CVE-2024-41710, a command injection vulnerability in Mitel SIP phones. [...]

News URL

https://www.bleepingcomputer.com/news/security/new-aquabotv3-botnet-malware-targets-mitel-command-injection-flaw/

#botnet #commandinjection #malware #mitel #CVE-2024-41710

Related news

MikroTik botnet uses misconfigured SPF DNS records to spread malware (source)
Why is my Mitel phone DDoSing strangers? Oh, it was roped into a new Mirai botnet (source)
New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks (source)
Vo1d malware botnet grows to 1.6 million Android TVs worldwide (source)

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2024-08-12	CVE-2024-41710	Argument Injection or Modification vulnerability in Mitel products A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 (R6.4.0.136) could allow an authenticated attacker with administrative privilege to conduct an argument injection attack, due to insufficient parameter sanitization during the boot process. network low complexity mitel CWE-88	7.2

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Mitel		65	3	51	28	30	112

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.