silversurfer
Thread author
A variant of the Mirai botnet called Beastmode has been observed adopting newly disclosed vulnerabilities in TOTOLINK routers between February and March 2022 to infect unpatched devices and expand its reach potentially.
"The Beastmode (aka B3astmode) Mirai-based DDoS campaign has aggressively updated its arsenal of exploits," Fortinet's FortiGuard Labs Research team said. "Five new exploits were added within a month, with three targeting various models of TOTOLINK routers."
The list of exploited vulnerabilities in TOTOLINK routers is as follows -
- CVE-2022-26210 (CVSS score: 9.8) - A command injection vulnerability that could be exploited to gain arbitrary code execution
- CVE-2022-26186 (CVSS score: 9.8) - A command injection vulnerability affecting TOTOLINK N600R and A7100RU routers, and
- CVE-2022-25075 to CVE-2022-25084 (CVSS scores: 9.8) - A command injection vulnerability impacting multiple TOTOLINK routers, leading to code execution
Source: Beastmode DDoS Botnet Exploiting New TOTOLINK Bugs to Enslave More Routers (thehackernews.com)