Malware researchers at Trend Micro have discovered a new version of the Mirai Internet of Things (IoT) botnet that includes an exploit for the CVE-2020-10173 vulnerability impacting Comtrend routers.
The new variant spotted by Trend Micro researchers targets the CVE-2020-10173 authenticated command injection vulnerability in Comtrend VR-3033 routers.
Experts believe that the vulnerability impacting Comtrend routers will likely be exploited by other DDoS botnets.
This flaw is exploited along with other security vulnerabilities impacting routers, IP cameras, and other IoT devices.
“The vulnerabilities used by this Mirai variant consist of a combination of old and new that help cast a wide net encompassing different types of connected devices. The nine vulnerabilities used in this campaign affect specific versions of IP cameras, smart TVs, and routers, among others.” reads the analysis published by Trend Micro.
“As mentioned earlier, the most notable of these vulnerabilities is CVE-2020-10173, a Multiple Authenticated Command injection vulnerability found in Comtrend VR-3033 routers. Remote malicious attackers can use this vulnerability to compromise the network managed by the router.”
Despite the availability of a proof of concept (PoC) for this vulnerability, this is the first time that an exploit for the issue has been used by a Mirai variant.
The Mirai variant analyzed by Trend Micro also includes another five old vulnerabilities:
“The use of CVE-2020-10173 in this variant’s code shows how botnet developers continue to expand their arsenal to infect as many targets as possible and take advantage of the opening afforded by unpatched devices. Newly discovered vulnerabilities, in particular, offer better chances for cybercriminals.” concluded Trend Micro. “Users, not knowing that a vulnerability even exists, might be unable to patch the device before it is too late.”
(SecurityAffairs – botnet, Mirai)