New Mirai Variant Expands Arsenal, Exploits CVE-2020-10173

By Augusto Remillano II and Jemimah Molina


We discovered a new Mirai variant (detected as IoT.Linux.MIRAI.VWISI) that exploits nine vulnerabilities, the most notable of which is CVE-2020-10173 in Comtrend VR-3033 routers, which we have not observed being exploited by past Mirai variants.


This discovery is a new addition to the Mirai variants that appeared in the past few months, which include SORA, UNSTABLE, and Mukashi. The case, however, showcases the ever-expanding arsenal of vulnerabilities that developers equip new Mirai variants with.


The vulnerabilities


The vulnerabilities used by this Mirai variant are a combination of old and new ones, which helps cast a wide net encompassing different types of connected devices. The nine vulnerabilities used in this campaign affect specific versions of IP cameras, smart TVs, and routers, among others.


As mentioned earlier, the most notable of these vulnerabilities is CVE-2020-10173, a multiple authenticated command injection vulnerability found in Comtrend VR-3033 routers. Remote malicious attackers can use this vulnerability to compromise the network managed by the router.


Only a proof of concept (POC) has been released for this vulnerability, with no reported exploit at large before this Mirai variant. Figure 1 serves as evidence of how this vulnerability is used by t ..
