Beastmode DDoS Botnet Exploiting New TOTOLINK Bugs to Enslave More Routers


Level 85
Thread author
Top poster
Content Creator
Malware Hunter
Aug 17, 2014
A variant of the Mirai botnet called Beastmode has been observed adopting newly disclosed vulnerabilities in TOTOLINK routers between February and March 2022 to infect unpatched devices and expand its reach potentially.

"The Beastmode (aka B3astmode) Mirai-based DDoS campaign has aggressively updated its arsenal of exploits," Fortinet's FortiGuard Labs Research team said. "Five new exploits were added within a month, with three targeting various models of TOTOLINK routers."

The list of exploited vulnerabilities in TOTOLINK routers is as follows -
  • CVE-2022-26210 (CVSS score: 9.8) - A command injection vulnerability that could be exploited to gain arbitrary code execution
  • CVE-2022-26186 (CVSS score: 9.8) - A command injection vulnerability affecting TOTOLINK N600R and A7100RU routers, and
  • CVE-2022-25075 to CVE-2022-25084 (CVSS scores: 9.8) - A command injection vulnerability impacting multiple TOTOLINK routers, leading to code execution
  • Like
Reactions: kC77 and harlan4096