Mirai-like Botnet Exploits Recently Disclosed Zyxel NAS Flaws
Researchers have warned that a Mirai-based botnet is exploiting a recently disclosed critical vulnerability in EoL Zyxel NAS devices.
Researchers from the Shadowserver Foundation have warned that a Mirai-based botnet has begun exploiting a recently disclosed vulnerability, CVE-2024-29973 (CVSS score 9.8), in Zyxel NAS products that are now out of support.
The flaw is a command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions earlier than V5.21(AAZF.17)C0 and NAS542 firmware versions earlier than V5.21(ABAG.14)C0. An unauthenticated attacker could exploit this vulnerability to execute certain operating system (OS) commands by sending a crafted HTTP POST request.
This vulnerability affects the NAS326 running firmware version 5.21(AAZF.16)C0 and earlier, and the NAS542 running firmware version 5.21(ABAG.13)C0 and earlier.
The vulnerability stems from the fix for a different code injection issue, tracked as CVE-2023-27992, which was addressed in June 2023.
Now, researchers at the Shadowserver Foundation report that they have begun observing attempts to exploit the vulnerability by Mirai-like botnets. Experts are urging replacement of EoL devices, noting that PoC exploit code has been made publicly available.
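For asset owners triaging an inventory against the firmware thresholds quoted above, the following added example (not from the original article or from Zyxel) parses firmware strings and classifies each device. It assumes the string layout `V<major>.<minor>(<model code>.<patch>)C<n>` and that the four-letter code identifies the model line; the inventory rows are constructed.

```python
import re
from typing import NamedTuple, Optional

# First fixed firmware per model, as quoted in the article.
FIXED = {"NAS326": "V5.21(AAZF.17)C0", "NAS542": "V5.21(ABAG.14)C0"}

# Assumed layout: V<major>.<minor>(<4-letter model code>.<patch>)C<n>
_FW_RE = re.compile(r"^V?(\d+)\.(\d+)\(([A-Z]{4})\.(\d+)\)C(\d+)$", re.IGNORECASE)

class Firmware(NamedTuple):
    major: int
    minor: int
    code: str
    patch: int
    custom: int

def parse_firmware(text: str) -> Optional[Firmware]:
    """Parse a firmware string; return None if it does not match the layout."""
    m = _FW_RE.match(text.strip().replace(" ", ""))
    if not m:
        return None
    return Firmware(int(m[1]), int(m[2]), m[3].upper(), int(m[4]), int(m[5]))

def triage(model: str, firmware: str) -> str:
    """Classify a device as vulnerable, patched, unknown or not-in-scope."""
    fixed_text = FIXED.get(model.strip().upper())
    if fixed_text is None:
        return "not-in-scope"          # model not named in the advisory text
    fixed, fw = parse_firmware(fixed_text), parse_firmware(firmware)
    # Unparseable string, or a model code that belongs to another product:
    # do not guess, send it for manual review.
    if fw is None or fw.code != fixed.code:
        return "unknown"
    have = (fw.major, fw.minor, fw.patch)
    need = (fixed.major, fixed.minor, fixed.patch)
    return "vulnerable" if have < need else "patched"

# Constructed sample inventory (model, reported firmware string).
INVENTORY = [
    ("NAS326", "V5.21(AAZF.16)C0"),
    ("NAS326", "V5.21(AAZF.17)C0"),
    ("NAS542", "5.21(ABAG.13)C0"),
    ("NAS542", "V5.21(AAZF.17)C0"),   # code does not match the model
]

def report(inventory=INVENTORY):
    return [(m, f, triage(m, f)) for m, f in inventory]

if __name__ == "__main__":
    for model, fw, status in report():
        print(f"{model:8} {fw:20} {status}")
```

A "patched" result only covers this CVE; the devices remain end-of-life, which is why the article relays the advice to replace them.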
(Security Affair – hacking, Mirai)