The last week has seen a huge surge in Mozi botnet [1] activity from compromised CPEs (routers and similar customer-premises equipment) on Hathway (AS17488), BSNL (AS9829) and other networks.
Some of the affected CPEs, and the exploits used against them, as outlined by Netlab 360 [2]:
Exploit / vulnerability | Affected devices
Eir D1000 Wireless Router RCI | Eir D1000 router
Vacron NVR RCE | Vacron NVR devices
CVE-2014-8361 | Devices using the Realtek SDK
Netgear cgi-bin Command Injection | Netgear R7000 and R6400
Netgear setup.cgi unauthenticated RCE | Netgear DGN1000 routers
JAWS Webserver unauthenticated shell command execution | MVPower DVR
CVE-2017-17215 | Huawei HG532 router
HNAP SoapAction-Header Command Execution | D-Link devices
CVE-2018-10561, CVE-2018-10562 | GPON routers
UPnP SOAP TelnetD Command Execution | D-Link devices
CCTV/DVR Remote Code Execution | CCTV DVRs
IMO, affected devices may not be limited to the ones outlined above.
Mitigation - Here are general steps you can take to mitigate this issue:
1. Restart the router. Do this together with the steps below: if a weak password or an exposed vulnerable service is still there, the device will simply be re-infected.
2. Set a strong, unique admin password (for the web interface, and for Telnet/SSH if the device runs them).
3. Disable remote (WAN-side) management of the router if it is enabled.
4. Patch your router. To check whether your router model has known Common Vulnerabilities and Exposures (CVEs), search the CVE list [3]. Either way, it is recommended to update the router firmware to the latest version the vendor provides.
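For an operator watching a customer pool like the ones above, the practical question is which CPEs are actually compromised. The script below is an added example (not code from the original post or from Netlab 360's write-up): it runs a simple flow-log heuristic that flags a customer IP opening connections to many distinct hosts on Telnet ports inside a short window, which is the horizontal-scanning behaviour of an IoT bot looking for new victims. The flow record format, the ports (TCP/23 and TCP/2323), the thresholds and the sample flows are all assumptions constructed for this example.

```python
"""Flow-log heuristic: flag customer CPEs sweeping other hosts on Telnet ports.

Added example, not part of the original post or the Netlab 360 report.
Assumptions (not from the page): the bot spreads by probing TCP/23 and
TCP/2323, so a single customer IP that reaches dozens of distinct targets on
those ports within a few minutes is suspect. The flow format and the sample
flows below are constructed for the example.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

TELNET_PORTS = {23, 2323}          # assumed propagation ports
DISTINCT_DST_THRESHOLD = 20        # distinct targets per source per window
WINDOW_SECONDS = 300               # sliding window length


@dataclass(frozen=True)
class Flow:
    ts: int        # epoch seconds
    src: str
    dst: str
    dport: int
    proto: str


def parse_flow(line: str) -> Flow:
    """Parse one constructed flow record: '<ts> <src> <dst> <dport> <proto>'."""
    ts, src, dst, dport, proto = line.split()
    return Flow(int(ts), src, dst, int(dport), proto)


def detect_telnet_scanners(lines, customer_pool, threshold=DISTINCT_DST_THRESHOLD,
                           window=WINDOW_SECONDS):
    """Return {src: max_distinct_targets} for sources in customer_pool that hit
    at least `threshold` distinct destinations on Telnet ports within `window`
    seconds. Repeated attempts against one host (a login brute force, or a
    legitimate admin session) count as a single target and are not flagged."""
    pool = ip_network(customer_pool)
    events = defaultdict(list)                      # src -> [(ts, dst), ...]
    for line in lines:
        f = parse_flow(line)
        if f.proto != "tcp" or f.dport not in TELNET_PORTS:
            continue
        if ip_address(f.src) not in pool:           # only our CPE address space
            continue
        events[f.src].append((f.ts, f.dst))

    flagged = {}
    for src, evs in events.items():
        evs.sort()                                  # by timestamp
        best, lo = 0, 0
        for hi in range(len(evs)):
            while evs[hi][0] - evs[lo][0] > window: # shrink window from the left
                lo += 1
            distinct = len({dst for _, dst in evs[lo:hi + 1]})
            best = max(best, distinct)
        if best >= threshold:
            flagged[src] = best
    return flagged


# Constructed sample: documentation address ranges only.
SAMPLE_FLOWS = (
    # infected CPE: one source sweeping 40 hosts on TCP/23 inside a minute
    [f"{1700000000 + i} 203.0.113.10 198.51.100.{i + 1} 23 tcp" for i in range(40)]
    # legitimate customer: HTTPS plus two Telnet sessions to a single NAS
    + ["1700000005 203.0.113.20 198.51.100.200 443 tcp",
       "1700000010 203.0.113.20 198.51.100.201 23 tcp",
       "1700000020 203.0.113.20 198.51.100.201 23 tcp"]
    # same sweep from outside the customer pool: not our CPE, ignored
    + [f"{1700000000 + i} 192.0.2.5 198.51.100.{i + 1} 2323 tcp" for i in range(40)]
)

if __name__ == "__main__":
    for src, n in detect_telnet_scanners(SAMPLE_FLOWS, "203.0.113.0/24").items():
        print(f"{src}: {n} distinct Telnet targets within {WINDOW_SECONDS}s")
```

Feed it your own flow export (NetFlow/IPFIX reduced to the five fields above) and the CPE prefix of the affected pool; every flagged source is a candidate for the reboot/password/patch steps listed above. Counting distinct destinations rather than raw connection attempts is what keeps a customer's own Telnet session to one device out of the results.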
[1]: New Malware Family Assembles IoT Botnet
[2]: Mozi, Another Botnet Using DHT
[3]: CVE - Search CVE List