Article 511Y7 Critical bugs in dozens of Zyxel and Lilin IoT models under active exploit

Critical bugs in dozens of Zyxel and Lilin IoT models under active exploit

by
Dan Goodin
from Ars Technica - All content on (#511Y7)
FrankLindecke_Flickr_HackerWall-800x533.

Enlarge (credit: Frank Lindecke / Flickr)

Criminals are exploiting critical flaws to corral Internet-of-things devices from two different manufacturers into botnets that wage distributed denial-of-service attacks, researchers said this week. Both DVRs from Lilin and storage devices from Zyxel are affected, and users should install updates as soon as possible.

Multiple attack groups are exploiting the Lilin DVR vulnerability to conscript them into DDoS botnets known as FBot, Chalubo, and Moobot, researchers from security firm Qihoo 360 said on Friday. The latter two botnets are spinoffs of Mirai, the botnet that used hundreds of thousand of IoT devices to bombard sites with record-setting amounts of junk traffic.

The DVR vulnerability stems from three flaws that allow attackers to remotely inject malicious commands into the device. The bugs are: (1) hard-coded login credentials present in the device, (2) command-injection flaws, and (3) arbitrary file reading weaknesses. The injected parameters affect the device capabilities for file transfer protocol, network time protocol, and the update mechanism for network time protocol.

Read 4 remaining paragraphs | Comments

index?i=oNApn8n6Bmk:ZnXpIIq57l8:V_sGLiPB index?i=oNApn8n6Bmk:ZnXpIIq57l8:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments