Hackread reports that outdated Zyxel network-attached storage devices are being subjected to intrusions by a Mirai-like botnet exploiting the critical Python code injection flaw, tracked as CVE-2024-29973.
Targeting CVE-2024-29973 would enable compromised Zyxel NAS devices to be included in a botnet that could then be leveraged for distributed denial-of-service attacks against critical infrastructure and other organizations, especially in Europe, which accounts for most of the vulnerable Zyxel NAS instances, a report from Censys found.
Such a development comes months after researchers from Outpost24’s Vulnerability Research Department reported that the Mirai-like botnet has been targeting the flaw, along with two other critical bugs impacting the devices, including the NsaRescueAngel backdoor account bug, tracked as CVE-2024-29972, and the persistent remote code execution flaw, tracked as CVE-2024-29974. Organizations with the affected Zyxel NAS models NAS326 versions prior to V5.21(AAZF.16)C0, and NAS542 versions prior to V5.21(ABAG.13)C0 have been urged to immediately apply patches issued by Zyxel.
This post was originally published on the 3rd party site mentioned in the title of this this site