59.8 F
Washington D.C.
Wednesday, September 28, 2022

Dasan and D-Link Routers Targeted by Apparent Botnet in New Wave of Exploit Attacks

An apparent botnet comprised of more than 3,000 separate source IPs generated a large, sudden spike in exploit attacks on July 19, targeting D-Link 2750B and certain Dasan GPON (Gigabit Passive Optical Network) small and home office routers.

The operation may have been an attempt to compromise routers so they could be leveraged to launch distributed denial of service attacks, distribute malicious content or spy on browsing activity, suggests the eSentire Threat Intelligence team, which authored a corresponding blog post and threat advisory after observed the incident while monitoring its customers.

Reportedly, the attackers sought to capitalize on a pair of vulnerabilities that collectively can result in remote code execution, and for which there is only an unofficial patch available. The vulnerabilities — CVE-2018-10561, an authentication bypass flaw and CVE-2018-10562, a command injection bug — were discovered and publicly disclosed in May 2018, and have since been used in various campaigns. Dasan routers using ZIND-GPON-25xx firmware, some Dasan H650 series GPON routers, and D-Link DSL-2750B routers with firmware 1.01 to 1.03 are prone to the exploits.

Read more at SC Media

Homeland Security Todayhttp://www.hstoday.us
The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Related Articles

- Advertisement -

Latest Articles