A new variant of the Mirai botnet has begun exploiting multiple vulnerabilities in a software development kit (SDK) used by thousands of Realtek-based devices.
The vulnerabilities were discovered by IoT Inspector, the makers of the firmware security analysis platform of the same name, last week and thought to affect more than 65 hardware manufacturers and a variety of wireless devices.
Network security firm SAM Seamless Network now reveals that the Mirai-based botnet started trawling the web for unpatched devices two days after the public disclosure, even though Realtek had patched the vulnerabilities three days prior to IoT Inspectors’ announcement.
- These are the best small business routers
- Here’s our list of the best secure routers
- We've put together a list of the best endpoint protection software
“One of the vulnerabilities disclosed, CVE-2021-35395, affects the web interface that is part of the SDK, and is a collection of six different vulnerabilities. As of August 18th, we have identified attempts to exploit CVE-2021-35395 in the wild,” notes Omri Mallis, chief product architect at SAM Seamless Network.
Updated botnet
The researchers note that the particular Mirai malware used to exploit the Realtek vulnerability, was first seen by Palo Alto Network earlier this year in March.
This was followed by another sighting by Juniper Networks earlier this month, when the botnet authors exploited another newly discovered vulnerability, again only a couple of days after it was announced.
“This chain of events shows that hackers are actively looking for command injection vulnerabilities and use them to propagate widely used malware quickly. These kinds of vulnerabilities are easy to exploit and can be integrated quickly into existing hacking frameworks that attackers employ, well before devices are patched and security vendors can react,” observes Mallis.
- These are the best firewall apps and services
