14 July 2020

New Mirai variant expands its arsenal with exploit for bug in Comtrend routers

Security researchers from Trend Micro have uncovered a new version of the Mirai Internet of Things (IoT) botnet, which includes an exploit for the CVE-2020-10173 vulnerability affecting Comtrend routers.

The Mirai botnet was discovered in 2016, and in October of the same year its source code was leaked online. Since then, numerous distributed denial of service (DDoS) botnets have been built using Mirai source code, with several of them emerging over the past months alone, including SORA, UNSTABLE, and Mukashi.

The researchers said that the new Mirai variant is the first botnet version that incorporates the exploit for CVE-2020-10173, which is an authenticated command injection vulnerability in the Comtrend VR-3033 routers. The flaw allows a remote attacker to compromise the network managed by the router.

This vulnerability is exploited alongside nine other security flaws affecting routers, IP cameras, and other IoT devices.

“The vulnerabilities used by this Mirai variant consist of a combination of old and new that help cast a wide net encompassing different types of connected devices. The nine vulnerabilities used in this campaign affect specific versions of IP cameras, smart TVs, and routers, among others,” Trend Micro said.

The discovered Mirai variant also includes an exploit for a relatively recent bug in Netlink GPON routers that was also reportedly exploited by the Hoaxcalls botnet.

Aside from the above-mentioned flaws, this variant mostly relies on older vulnerabilities, including flaws in AVTECH IP Camera / NVR / DVR devices, D-Link devices, MVPower DVRs, Symantec Web Gateway, and ThinkPHP.

“The use of CVE-2020-10173 in this variant’s code shows how botnet developers continue to expand their arsenal to infect as many targets as possible and take advantage of the opening afforded by unpatched devices. Newly discovered vulnerabilities, in particular, offer better chances for cybercriminals. Users, not knowing that a vulnerability even exists, might be unable to patch the device before it is too late,” the researchers concluded.
