Dec 27, 2024

FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks

Posted in category: cybercrime/malcode

Cybersecurity researchers are warning about a spike in malicious activity that involves roping vulnerable D-Link routers into two different botnets, a Mirai variant dubbed FICORA and a Kaiten (aka Tsunami) variant called CAPSAICIN.

“These botnets are frequently spread through documented D-Link vulnerabilities that allow remote attackers to execute malicious commands via a GetDeviceSettings action on the HNAP (Home Network Administration Protocol) interface,” Fortinet FortiGuard Labs researcher Vincent Li said in a Thursday analysis.

“This HNAP weakness was first exposed almost a decade ago, with numerous devices affected by a variety of CVE numbers, including CVE-2015-2051, CVE-2019-10891, CVE-2022-37056, and CVE-2024-33112.”
