A Mirai-based botnet named 'InfectedSlurs' is exploiting a remote code execution vulnerability in QNAP VioStor NVR devices to hijack and make them part of its DDoS swarm.
The botnet was discovered by Akamai's Security Intelligence Response Team in October 2023, who observed the exploitation of two zero-day vulnerabilities in routers and NVR devices, likely starting in late 2022.
At the time, and due to the vendors not having released patches, Akamai opted not to disclose any information about the flaws that InfectedSlurs was exploiting.
As the security updates or information about the two zero-days have been made available, Akamai published two follow-up reports to plug the gaps left in the original report from late November.
The first zero-day flaw exploited by InfectedSlurs is tracked as CVE-2023-49897 and impacts FXC AE1021 and AE1021PE WiFi routers.
The vendor released a security update on December 6, 2023, with firmware version 2.0.10, and recommended that users perform a factory reset and change the default password after its application.
The second zero-day vulnerability in the botnet's attacks is CVE-2023-47565, a high-severity OS command injection impacting QNAP VioStor NVR models running QVR firmware 4.x. QNAP published an advisory on December 7, 2023, explaining that the previously unknown issue was fixed in QVR firmware 5.x and later, which is available to all actively supported models.
Since version 5.0.0 was released nearly a decade ago, it is deduced that the Infected Slurs botnet targets legacy VioStor NVR models that never updated their firmware after initial setup.
Login to QVR as administrator, head to 'Control Panel System Settings Firmware Update,' select the 'Firmware Update' tab, and click 'Browse' to locate the right version for your specific model.
Finally, Click 'Update System' and wait for QVR to install the update.
It recommends changing user passwords on QVR through 'Control Panel Privilege Users Change Password,' enter a new strong password, and click 'Apply.
A VioStor NVR model that has reached EOL may not have an available update that includes firmware 5.x or later.
These devices will not receive a security update, so the only solution is to replace them with newer, actively supported models.
New botnet malware exploits two zero-days to infect NVRs and routers.
Hackers are exploiting critical Apache Struts flaw using public PoC. Sophos backports RCE fix after attacks on unsupported firewalls.
Hackers breach US govt agencies using Adobe ColdFusion exploit.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Sat, 16 Dec 2023 16:50:19 +0000