
Mirai Bot now incorporating (malformed?) DrayTek Vigor Router Exploits

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

A report details the incorporation of exploits targeting DrayTek Vigor routers into the Mirai botnet. Previously disclosed vulnerabilities affecting approximately 700,000 devices are being exploited, with attacks focusing on the 'keyPath' and 'cvmcfgupload' parameters. A curious spike in malformed exploit attempts, missing a dash in 'cgi-bin', has been observed. The attacks aim to upload and execute bot variants, primarily Mirai. The latest malformed exploit attempts to download a multi-architecture bash script and the actual bot. String analysis of the bot reveals attempts to exploit other vulnerabilities and likely includes a brute force component.
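A way to separate the well-formed attempts from the dash-less ones in a web server access log, as an added example that is not part of the original report. It inspects only the request target; the log layout, the script name `example.cgi`, the IP addresses and the `PLACEHOLDER` values are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Names the summary says the attacks focus on (compared case-insensitively).
TARGET_TOKENS = ("keypath", "cvmcfgupload")
# First path segment: the real CGI directory or the dash-less variant.
CGI_DIR = re.compile(r"^/+(cgi-bin|cgibin)(?:/|$)", re.IGNORECASE)
# Request field of a combined-format access-log line.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines: documentation IPs, a placeholder script name
# (example.cgi) and PLACEHOLDER where an observed request carries its payload.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:00:00:01 +0000] "GET /cgi-bin/example.cgi?keyPath=PLACEHOLDER HTTP/1.1" 404 0',
    '198.51.100.7 - - [01/Jan/2025:00:00:02 +0000] "POST /cgibin/example.cgi/cvmcfgupload?1=PLACEHOLDER HTTP/1.1" 404 0',
    '198.51.100.7 - - [01/Jan/2025:00:00:03 +0000] "GET /cgibin/example.cgi?keyPath=PLACEHOLDER HTTP/1.1" 404 0',
    '203.0.113.5 - - [01/Jan/2025:00:00:04 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2025:00:00:05 +0000] "GET /cgi-bin/status.cgi HTTP/1.1" 200 10',
]

def classify(target):
    """Label one request target 'well-formed', 'malformed' or None (unrelated)."""
    path = unquote(target.partition("?")[0])
    haystack = unquote(target).lower()  # decode so %-encoded names still match
    if not any(tok in haystack for tok in TARGET_TOKENS):
        return None
    m = CGI_DIR.match(path)
    if m is None:
        return None
    return "well-formed" if m.group(1).lower() == "cgi-bin" else "malformed"

def summarize(log_lines):
    """Count well-formed and malformed attempts across access-log lines."""
    counts = Counter()
    for line in log_lines:
        req = REQUEST.search(line)
        label = classify(req.group(1)) if req else None
        if label:
            counts[label] += 1
    return counts

if __name__ == "__main__":
    print(dict(summarize(SAMPLE_LOG)))
```

Counting the two labels separately over time makes a spike in the malformed variant visible next to the baseline of well-formed attempts.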

OPENCTI LABELS:

botnet, exploit, vulnerability, mirai, iot, router, firmware, vigor, draytek

