Mirai Botnet Exploiting Router Vulnerabilities to Gain Complete Device Control
A new wave of cyberattacks has surfaced, with a Mirai-based botnet exploiting a number of significant vulnerabilities in routers and smart devices, primarily targeting industrial and home networks worldwide.
The Shadowserver Foundation recently shared on X the botnet’s active exploitation of several vulnerabilities, including CVE-2024-41473 (Tenda), CVE-2024-12987 (Draytek), CVE-2024-9916 (HuangDou UTCMS V9), Four-Faith CVE-2024-9644 and multiple vulnerabilities in Totolink devices (CVE-2024-2353, CVE-2024-24328, CVE-2024-24329).
Technical Overview of Exploited Vulnerabilities
The botnet leverages both zero-day and n-day vulnerabilities to infiltrate internet-exposed routers and other IoT devices. Key vulnerabilities include:
CVE-2024-41473 – Tenda Command Injection Vulnerability
CVE-2024-41473 is a high-severity command injection vulnerability in the Tenda FH1201 router, specifically affecting firmware version 1.2.0.14.
The flaw resides in the mac parameter of the endpoint /ip/goform/WriteFacMac, which fails to properly neutralize special characters in OS commands.
This allows attackers to inject arbitrary commands, gaining unauthorized control over the router.
The vulnerability has a CVSS v3.1 score of 8.0, indicating high severity due to its potential to compromise confidentiality, integrity, and availability.
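The Tenda flaw is an instance of OS command injection (CWE-78): a request parameter is pasted into a shell command line without being neutralized. The following added Python example is not Tenda's firmware code; the handler names and the `ifconfig` command line are assumptions. It places the defective pattern beside the hardened form, which allow-lists the value against a MAC-address pattern and then passes it as an argv element so that no shell ever parses it.

```python
import re
import subprocess

# Added illustration of the command-injection pattern, not Tenda's code.
# Handler names and the ifconfig command line are assumptions.

# Allow-list for a MAC address: six hex octets separated by colons, nothing else.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}$")

# Characters /bin/sh treats as syntax; if any survive into a command string,
# the command's meaning can change.
SHELL_META = set(";|&$`<>()\n\r'\"\\")


def vulnerable_command_string(mac: str) -> str:
    """The defect class (CWE-78): the request parameter is concatenated into a
    shell command line that a vulnerable handler would hand to a shell.
    Returned as a string here, never executed."""
    return "ifconfig eth0 hw ether " + mac


def would_break_out(value: str) -> bool:
    """True if the value contains shell syntax, i.e. it would not be treated as data."""
    return any(ch in SHELL_META for ch in value)


def validate_mac(mac: str) -> str:
    """Reject anything that is not a MAC address; an allow-list, not a deny-list, does the work."""
    if not MAC_RE.fullmatch(mac):
        raise ValueError("rejected: value is not a MAC address")
    return mac.lower()


def hardened_argv(mac: str) -> list:
    """Build an argv list for the validated value so that no shell ever parses it."""
    return ["ifconfig", "eth0", "hw", "ether", validate_mac(mac)]


def apply_mac(mac: str, runner=subprocess.run) -> int:
    """Run the command with shell=False. `runner` is injectable so the demo below
    does not touch a real network interface."""
    argv = hardened_argv(mac)
    completed = runner(argv, check=False)
    return completed.returncode


if __name__ == "__main__":
    class _Completed:
        returncode = 0

    def fake_runner(argv, check=False):
        print("would execute:", argv)
        return _Completed()

    good = "00:11:22:33:44:55"
    bad = "00:11:22:33:44:55; id"   # constructed invalid input carrying shell syntax
    print(vulnerable_command_string(bad), "<- shell syntax survives in the vulnerable form")
    apply_mac(good, runner=fake_runner)
    try:
        apply_mac(bad, runner=fake_runner)
    except ValueError as exc:
        print("hardened form:", exc)
```

The design point is that `hardened_argv` never reaches a shell at all: even if the allow-list were loosened later, `subprocess.run` with a list argument passes each element as a single argv entry, so shell metacharacters have no interpreter to act on.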
CVE-2024-12987 – DrayTek Command Injection Vulnerability
This vulnerability affects DrayTek Vigor2960 and Vigor300B routers running firmware version 1.5.1.4. It is classified as a command injection flaw in the /cgi-bin/mainfunction.cgi/apmcfgupload endpoint of the web management interface.
Attackers can manipulate the session argument to execute arbitrary OS commands remotely without authentication.
The vulnerability has a CVSS v3.x score of 7.3 (high severity), with public exploits available, making it an attractive target for attackers.
CVE-2024-9916 – HuangDou Command Injection Vulnerability
CVE-2024-9916 is a critical OS command injection vulnerability in HuangDou UTCMS V9 software, specifically in the file app/modules/ut-cac/admin/cli.php.
This vulnerability has a CVSS v3.x score of 7.3 and poses significant risks to system integrity and availability despite its moderate impact on confidentiality.
The flaw arises from improper input validation of the o parameter, allowing remote attackers to execute arbitrary commands without authentication or user interaction.
CVE-2024-9644 – Four-Faith Authentication Bypass Vulnerability
This vulnerability affects Four-Faith F3x36 routers running firmware version 2.0.0 and involves an authentication bypass in the bapply.cgi endpoint of the administrative web server.
Unlike its counterpart apply.cgi, which enforces authentication, bapply.cgi allows unauthorized access to critical router settings.
Attackers can exploit this flaw to modify configurations or chain it with other vulnerabilities for broader system compromise.
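The Four-Faith flaw is a design failure rather than a parsing bug: one handler enforces authentication and a sibling handler with the same effect does not. The following added Python example is not Four-Faith's code; the handlers, session store and router classes are assumptions, and only the endpoint names /apply.cgi and /bapply.cgi come from the article. It contrasts a router where each handler opts in to the check (so a forgotten flag becomes an unauthenticated admin endpoint) with a deny-by-default router where the check runs before any handler and only an explicit public allow-list is exempt.

```python
from dataclasses import dataclass, field

# Added illustration of the missing-authentication pattern, not Four-Faith's code.
# Handlers, session store and router classes are assumptions.

VALID_SESSIONS = {"constructed-admin-session"}   # constructed stand-in for a session store


@dataclass
class Request:
    path: str
    session: str = ""                        # session token presented by the client, if any
    params: dict = field(default_factory=dict)


def authenticated(req: Request) -> bool:
    return req.session in VALID_SESSIONS


def login_handler(req: Request):
    return 200, "login form"


def apply_handler(req: Request):
    return 200, f"settings applied: {sorted(req.params)}"


def bapply_handler(req: Request):
    # Same effect as apply_handler; the only difference is who is allowed to reach it.
    return 200, f"settings applied: {sorted(req.params)}"


class PerHandlerAuthRouter:
    """Vulnerable design: every route declares whether it wants the auth check, so a
    route that forgets (here /bapply.cgi) silently becomes an unauthenticated admin endpoint."""

    routes = {
        "/login.cgi": (login_handler, False),
        "/apply.cgi": (apply_handler, True),
        "/bapply.cgi": (bapply_handler, False),   # the forgotten flag
    }

    def dispatch(self, req: Request):
        entry = self.routes.get(req.path)
        if entry is None:
            return 404, "not found"
        handler, requires_auth = entry
        if requires_auth and not authenticated(req):
            return 401, "login required"
        return handler(req)


class DenyByDefaultRouter:
    """Hardened design: the check runs before any handler; only an explicit public
    allow-list is exempt, so a newly added admin endpoint cannot bypass it."""

    public_paths = frozenset({"/login.cgi"})
    routes = {
        "/login.cgi": login_handler,
        "/apply.cgi": apply_handler,
        "/bapply.cgi": bapply_handler,
    }

    def dispatch(self, req: Request):
        handler = self.routes.get(req.path)
        if handler is None:
            return 404, "not found"
        if req.path not in self.public_paths and not authenticated(req):
            return 401, "login required"
        return handler(req)


def compare(path: str, session: str = ""):
    """Dispatch the same request through both routers and return the two status codes."""
    req = Request(path=path, session=session, params={"remote_mgmt": "on"})
    return PerHandlerAuthRouter().dispatch(req)[0], DenyByDefaultRouter().dispatch(req)[0]


if __name__ == "__main__":
    for path in ("/apply.cgi", "/bapply.cgi"):
        print(path, "unauthenticated -> per-handler / deny-by-default:", compare(path))
        print(path, "authenticated   ->", compare(path, "constructed-admin-session"))
```

When reviewing a web management interface, the question to ask of every state-changing endpoint is whether it could reach its handler without passing through the same gate as its siblings; a central gate with a short public allow-list makes that a property of the dispatcher rather than of each handler's author remembering a flag.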
CVE-2024-2353, CVE-2024-24328, CVE-2024-24329 (Totolink Vulnerabilities)
These vulnerabilities affect Totolink routers and involve stack-based buffer overflows in their HTTP request-handling mechanisms.
Exploitation allows attackers to trigger denial-of-service conditions or execute arbitrary code with elevated privileges remotely.
These flaws are particularly concerning because they can be leveraged for large-scale botnet operations like Mirai.
Botnet Capabilities and Objectives
The Mirai botnet has evolved significantly since its initial discovery. It now incorporates advanced features such as:
- Brute-forcing Telnet Credentials: The malware scans for devices with weak or default passwords to gain access.
- Custom Exploits: It uses both public and private exploits for over 20 known vulnerabilities across various device types.
- DDoS Attacks: The botnet executes high-intensity Distributed Denial-of-Service (DDoS) attacks exceeding 100 Gbps, disrupting services even on robust infrastructures.
The botnet’s primary goal is financial gain through DDoS-for-hire services. It currently operates with approximately 15,000 active nodes daily, targeting entities in countries such as China, Russia, the United States, Turkey, and Iran.
Mitigation Measures
To protect against these attacks, cybersecurity experts recommend the following steps:
- Ensure all routers and IoT devices are updated with the latest firmware from vendors.
- Turn off remote management features unless absolutely necessary.
- Use strong passwords with a mix of uppercase/lowercase letters, numbers, and symbols.
- Regularly scan networks for vulnerable devices and implement segmentation to isolate critical systems.
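One concrete way to act on the last two recommendations is to review the web server logs of routers for requests to the endpoints named in this article and for management requests arriving from outside the LAN. The following added Python script is not a vendor or Shadowserver tool. Its access log lines are constructed, and the documentation ranges 203.0.113.0/24 and 198.51.100.0/24 stand in for public addresses. Mapping the HuangDou file to the URL path /app/modules/ut-cac/admin/cli.php assumes the file is reachable at its on-disk path, which the article does not state.

```python
import ipaddress
import re
from collections import Counter

# Added detection example over router web-server access logs; not a vendor or
# Shadowserver tool. Log lines are constructed; documentation ranges stand in
# for public addresses.

SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2025:03:14:07 +0000] "POST /ip/goform/WriteFacMac HTTP/1.1" 200 512 "-" "curl/7.88.1"
192.168.1.20 - - [10/Jan/2025:03:15:11 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jan/2025:03:16:42 +0000] "POST /cgi-bin/mainfunction.cgi/apmcfgupload HTTP/1.1" 200 88 "-" "python-requests/2.31"
198.51.100.9 - - [10/Jan/2025:03:16:43 +0000] "GET /bapply.cgi?x=1 HTTP/1.1" 200 300 "-" "python-requests/2.31"
192.168.1.5 - - [10/Jan/2025:03:20:00 +0000] "GET /apply.cgi HTTP/1.1" 401 0 "-" "Mozilla/5.0"
this line is not in combined log format
"""

# Combined/common log format: client ip, ident, user, [timestamp], "METHOD path PROTO", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Endpoints named in the article, keyed on the URL path only (query string ignored).
WATCHED_PATHS = {
    "/ip/goform/WriteFacMac": "CVE-2024-41473 (Tenda FH1201)",
    "/cgi-bin/mainfunction.cgi/apmcfgupload": "CVE-2024-12987 (DrayTek Vigor)",
    "/bapply.cgi": "CVE-2024-9644 (Four-Faith F3x36)",
    "/app/modules/ut-cac/admin/cli.php": "CVE-2024-9916 (HuangDou UTCMS V9)",  # assumed URL path
}

# RFC 1918 plus loopback and link-local; anything else is treated as outside the LAN.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def parse_line(line: str):
    """Parse one access log line into a dict, or return None if it is not in the expected format."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["path"] = rec["path"].split("?", 1)[0]   # compare on the path only
    rec["status"] = int(rec["status"])
    return rec


def is_external(ip: str) -> bool:
    """True when the address is not in an internal range (unparseable values count as internal)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not any(addr in net for net in INTERNAL_NETS)


def analyze(log_text: str) -> list:
    """Return one finding per suspicious request. A hit on a watched endpoint is flagged
    regardless of source; any other .cgi request is flagged only when it comes from
    outside the LAN, which shows that remote management is reachable from the internet."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        external = is_external(rec["ip"])
        cve = WATCHED_PATHS.get(rec["path"])
        if cve is not None:
            reason = f"request to endpoint associated with {cve}"
        elif external and rec["path"].endswith(".cgi"):
            reason = "management endpoint reached from outside the LAN"
        else:
            continue
        findings.append({"ip": rec["ip"], "path": rec["path"], "status": rec["status"],
                         "external": external, "reason": reason})
    return findings


def sources_by_count(findings) -> Counter:
    """Count findings per source address to surface the noisiest scanners."""
    return Counter(f["ip"] for f in findings)


if __name__ == "__main__":
    results = analyze(SAMPLE_LOG)
    for f in results:
        print(f"{f['ip']:>15} {f['status']} {f['path']:<45} {f['reason']}")
    print("top sources:", sources_by_count(results).most_common())
```

A 200 status on a watched endpoint from an external address is the case to escalate first, since it means the request reached the handler rather than being rejected; a 401 or 404 still tells you the interface is exposed and should be pulled behind the LAN or a VPN per the second recommendation.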
The resurgence of Mirai underscores the persistent threat posed by IoT botnets exploiting unpatched vulnerabilities.
Organizations must prioritize threat intelligence sharing and adopt robust security frameworks to mitigate risks associated with evolving malware campaigns like Mirai.
The post Mirai Botnet Exploiting Router Vulnerabilities to Gain Complete Device Control appeared first on Cyber Security News.