A new variant of the Mirai Internet of Things (IoT) botnet can be used by malicious actors to attack Comtrend routers.
Mirai was first discovered in 2016, and in October of the same year its source code was released on the Internet. It has since been used as the basis for many other DDoS botnets, including SORA, UNSTABLE and Mukashi.
New Mirai variants bring new elements in terms of their targets and exploitation techniques, and the newly discovered variant is no exception.
The vulnerability could be exploited by remote attackers to "endanger the network managed by the router," explains Trend Micro.
CVE-2020-10173, however, is just one of the vulnerabilities this strain targets. It can actually exploit nine other vulnerabilities, including one recently discovered in Netlink GPON routers.
That flaw, which allows remote code execution, was discovered earlier this year but has already been added to the Hoaxcalls botnet's arsenal.
But in addition to these two vulnerabilities, the new Mirai variant targets a number of older security issues that have been abused by various other botnets in the past, including defects affecting the LG SuperSign EZ CMS, AVTECH devices, D-Link devices, MVPower DVR, Symantec Web Gateway 220.127.116.11 and ThinkPHP.
"Using CVE-2020-10173 in the code of this variant shows how botnet developers continue to expand their arsenal to infect as many targets as possible and take advantage of the gap provided by uninformed appliances. The recently discovered vulnerabilities offer better chances for cyber criminals. Users who do not even know there is a vulnerability may not be able to update the device before it is too late."
The vulnerability that affects Comtrend routers is likely to be exploited by other DDoS botnets as well, since researchers say botnets tend to copy techniques from each other.