Beastmode DDoS Botnet Exploiting New TOTOLINK Bugs to Enslave More Routers


Level 85
Thread author
Honorary Member
Top Poster
Content Creator
Malware Hunter
Aug 17, 2014
A variant of the Mirai botnet called Beastmode has been observed adopting newly disclosed vulnerabilities in TOTOLINK routers between February and March 2022 to infect unpatched devices and expand its reach potentially.

"The Beastmode (aka B3astmode) Mirai-based DDoS campaign has aggressively updated its arsenal of exploits," Fortinet's FortiGuard Labs Research team said. "Five new exploits were added within a month, with three targeting various models of TOTOLINK routers."

The list of exploited vulnerabilities in TOTOLINK routers is as follows -
  • CVE-2022-26210 (CVSS score: 9.8) - A command injection vulnerability that could be exploited to gain arbitrary code execution
  • CVE-2022-26186 (CVSS score: 9.8) - A command injection vulnerability affecting TOTOLINK N600R and A7100RU routers, and
  • CVE-2022-25075 to CVE-2022-25084 (CVSS scores: 9.8) - A command injection vulnerability impacting multiple TOTOLINK routers, leading to code execution
  • Like
Reactions: kC77 and harlan4096

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.