Serious vulnerabilities in Lilin and Zyxel IoT devices: update immediately
The vulnerabilities allow attackers to install malware that "recruits" devices into botnets dedicated to DDoS attacks, including variants of the notorious Mirai.
Cybersecurity researchers are raising the alarm over flaws in some Lilin and Zyxel IoT devices. The flaws have been actively exploited to install malware that enlists the devices in botnets dedicated to DDoS attacks: FBot, Chalubo, Moobot and Mukashi, the latter three variants of the infamous Mirai.
For Lilin, which produces video surveillance solutions and in the past also made DVRs, it was the Qihoo 360 researchers who reported the problem. Lilin's DVRs are subject to three different flaws that allow attackers to issue malicious commands remotely. The flaws affect the file transfer functions and the update mechanism.
The first episodes of exploitation date back to last August, when the researchers began to observe activity aimed at infecting the devices with Chalubo, while the spread of FBot and Moobot occurred in January. Lilin has resolved the vulnerabilities with the release of a new firmware version for the affected devices: 2.0b60_20200207.
For Zyxel's devices, it was Palo Alto Networks researchers who raised the alarm. A number of the manufacturer's NAS devices, a list of 27 models for which a patch has already been distributed, have been affected by the issue.
There are also some devices for which an update is not available because they are no longer supported. The manufacturer recommends that these devices not be connected directly to the Internet.
The vulnerability, tracked as CVE-2020-9054, allows attackers to remotely execute commands on affected devices, with the subsequent possibility of taking control of those devices that use weak, easily guessed passwords.
The aim was to install another variant of Mirai known as Mukashi, which was recently discovered. The vulnerability received a rating of 9.8 out of 10 due to the extreme ease of exploitation.
Those who have Lilin or Zyxel devices affected by the vulnerabilities should install the available updates as soon as possible. Devices to which the corrective patches cannot be applied should at least be kept disconnected from the Internet or, if this is not possible, replaced with newer devices. In general, all IoT devices on a local network should be placed behind firewalls to make compromise more difficult.