Home > Cyber News > CVE-2022-26210 TOTOLINK Vulnerability Exploited by Beastmode Botnet
CYBER NEWS

CVE-2022-26210 TOTOLINK Vulnerability Exploited by Beastmode Botnet

CVE-2022-26210 TOTOLINK Vulnerability Exploited by Beastmode Botnet

Another variant of the infamous Mirai botnet is circling the web, exploiting a list of specific vulnerabilities in TOTOLINK routers.

The critical vulnerabilities are relatively new, disclosed in the period between February and March 2022. Affected is the Linux platform. As a result of the vulnerabilities, remote attackers could gain control over the exposed systems, said FortiGuard Labs researchers (Fortinet).

The researchers have dubbed the Mirai-based campaign, observed in the said period, Beastmode, saying that it had aggressively updated the arsenal of exploits by adding the five new vulnerabilities in TOTOLINK routers.




CVE-2022-26210, CVE-2022-25075 to 84, CVE-2022-26186 in TOTOLINK Routers

The vulnerabilities are the following, as disclosed by FortiGuard:

  • CVE-2022-26210 targeting TOTOLINK A800R, A810R, A830R, A950RG, A3000RU, and A3100R;
  • CVE-2022-26186 targeting TOTOLINK N600R and A7100RU;
  • CVE-2022-25075 to CVE-2022-25084 (25076/25077/25078/25079/25080/25081/25082/25083/25084) – a family of similar vulnerabilities targeting TOTOLINK A810R, A830R, A860R, A950RG, A3100R, A3600R, T6, and T10 routers.

“The inclusion of TOTOLINK exploits is especially noteworthy as they were added just a week after the exploit codes were published on GitHub. We previously reported on the MANGA campaign, which similarly adopted exploit code within weeks of their release,” the report said.

Threat actors are quick to adopt newly released exploit code, thus increasing the number of potential victims and devices included in the Beastmode DDoS botnet. Fortunately, the router vendor (TOTOLINK) has already released updated firmware that fixes the issues. Owners of the affected routers are urged to update their firmware as soon as possible.

Other Mirai-based botnets leveraging different exploits include Yowai and Masuta.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...