Code Used in Zero Day Huawei Router Attack Made Public [source: threatpost]
Exploit code used in the Mirai malware variant called Satori, which was used to attack hundreds of thousands of Huawei routers over the past several weeks, is now public. Researchers warn the code will quickly become a commodity and be leveraged in DDoS attacks via botnets such as Reaper or IOTrooper.
Ankit Anubhav, a researcher at NewSky Security, first identified the code on Monday after it was posted publicly on Pastebin.com. The code exploits the zero-day vulnerability CVE-2017-17215, which was used by a hacker identified as “Nexus Zeta” to spread a variant of the Mirai malware called Satori, also known as Mirai Okiru.
“The fact that the code is now in the open means that more threat actors would now be using it. We can assume that the exploit would become commodity, and IoT botnets that attempt at exploiting a large kit of vulnerabilities will be adding CVE-2017-17215 to their arsenal,” said Maya Horowitz, threat intelligence group manager, Check Point.
Last week, Check Point identified the vulnerability (CVE-2017-17215) in the Huawei HG532 home router, which was being exploited by Nexus Zeta to spread the Mirai variant Mirai Okiru/Satori. Since then, Huawei has issued an updated security notice to customers warning that the flaw allows a remote adversary to send malicious packets to port 37215 to execute remote code on vulnerable routers.