A Mirai botnet is attempting exploitation in the wild using a new (at least to us) set of CVEs

Created on 2025-02-12 13:38 and updated on 2025-02-12 13:38.

Description

A Mirai botnet is attempting exploitation in the wild using a new set of CVEs, focusing mostly on IoT devices. Includes:

Tenda CVE-2024-41473
Draytek CVE-2024-12987
HuangDou UTCMS V9 CVE-2024-9916
Totolink CVE-2024-2353 CVE-2024-24328 CVE-2024-24329
(likely) Four-Faith CVE-2024-9644

Source: The Shadowserver Foundation

Vulnerabilities included in this bundle

CVE-2024-9644: Four-Faith F3x36 bapply.cgi Auth Bypass
CVE-2024-2353:
CVE-2024-9916:
CVE-2024-12987:
CVE-2024-24328:
CVE-2024-24329:
CVE-2024-41473:

Author

Cédric Bonhomme

Combined sightings

Author	Vulnerability	Source	Type	Date
automation	CVE-2024-9644	The Shadowserver (honeypot/common-vulnerabilities) - (2025-03-15)	seen	18 days ago
automation	CVE-2024-9644	The Shadowserver (honeypot/common-vulnerabilities) - (2025-03-14)	seen	19 days ago
automation	CVE-2024-9644	The Shadowserver (honeypot/common-vulnerabilities) - (2025-03-08)	seen	25 days ago
automation	CVE-2024-9644	The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-25)	exploited	1 month ago
automation	CVE-2024-9644	The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-24)	seen	1 month ago
automation	CVE-2024-9644	The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-24)	exploited	1 month ago
automation	CVE-2024-9644	The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-23)	exploited	1 month ago
automation	CVE-2024-9644	The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-23)	seen	1 month ago
automation	CVE-2024-9644	The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-22)	exploited	1 month ago
automation	CVE-2024-9644	The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-21)	exploited	1 month ago
automation	CVE-2024-9644	The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-20)	exploited	1 month ago
automation	CVE-2024-9644	The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-18)	seen	1 month ago
automation	CVE-2024-9644	The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-17)	seen	1 month ago
automation	CVE-2024-9644	The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-17)	exploited	1 month ago
automation	CVE-2024-9644	The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-16)	seen	1 month ago
automation	CVE-2024-9644	The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-16)	exploited	1 month ago
automation	CVE-2024-9644	The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-15)	seen	1 month ago
automation	CVE-2024-9644	https://bsky.app/profile/shadowserver.bsky.social/post/3lhxudxqcfk2x	seen	1 month ago
automation	CVE-2024-9644	https://bsky.app/profile/shadowserver.bsky.social/post/3lhxudxqah22x	seen	1 month ago
automation	CVE-2024-9644	https://bsky.app/profile/shadowserver.bsky.social/post/3lhxudxq2lk2x	seen	1 month ago
automation	CVE-2024-9644	https://infosec.exchange/users/shadowserver/statuses/113990205373134629	seen	1 month ago
automation	CVE-2024-9644	The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-12)	seen	1 month ago
automation	CVE-2024-9644	https://bsky.app/profile/beikokucyber.bsky.social/post/3lhwkli7eoz2t	seen	1 month ago
automation	CVE-2024-9644	The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-10)	seen	1 month ago
automation	CVE-2024-9644	The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-09)	seen	1 month ago
automation	CVE-2024-9644	https://bsky.app/profile/tmjintel.bsky.social/post/3lhlt7etmwz25	seen	1 month ago
automation	CVE-2024-9644	https://bsky.app/profile/dinosn.bsky.social/post/3lhkoa3qr722o	seen	1 month ago
automation	CVE-2024-9644	https://bsky.app/profile/kyosuke-tanaka.bsky.social/post/3lhkl2a7sfs2o	seen	1 month ago
automation	CVE-2024-9644	https://bsky.app/profile/vulnalerts.bsky.social/post/3lhgscfumuo2p	seen	1 month ago
automation	CVE-2024-9644	https://mastodon.social/users/CyberSignaler/statuses/113946638804892661	seen	1 month ago
automation	CVE-2024-9644	https://bsky.app/profile/cve.skyfleet.blue/post/3lhegmta7zb2q	seen	1 month ago
automation	CVE-2024-9644	https://bsky.app/profile/cve-notifications.bsky.social/post/3lhedyb4lec2r	seen	1 month ago
automation	CVE-2024-9644	https://infosec.exchange/users/cve/statuses/113946211216829281	seen	1 month ago
automation	CVE-2024-2353	The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-19)	seen	1 month ago
automation	CVE-2024-2353	The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-17)	seen	1 month ago
automation	CVE-2024-2353	The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-16)	exploited	1 month ago
automation	CVE-2024-2353	The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-16)	seen	1 month ago
automation	CVE-2024-2353	The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-02-15)	exploited	1 month ago
automation	CVE-2024-2353	The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-15)	seen	1 month ago
automation	CVE-2024-2353	https://bsky.app/profile/beikokucyber.bsky.social/post/3li63y6gv6e23	seen	1 month ago
automation	CVE-2024-2353	The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-14)	seen	1 month ago
automation	CVE-2024-2353	https://bsky.app/profile/shadowserver.bsky.social/post/3lhxudxqcfk2x	seen	1 month ago
automation	CVE-2024-2353	https://bsky.app/profile/shadowserver.bsky.social/post/3lhxudxqah22x	seen	1 month ago
automation	CVE-2024-2353	https://bsky.app/profile/shadowserver.bsky.social/post/3lhxudxq2lk2x	seen	1 month ago
automation	CVE-2024-2353	https://infosec.exchange/users/shadowserver/statuses/113990205373134629	seen	1 month ago
automation	CVE-2024-2353	The Shadowserver (honeypot/common-vulnerabilities) - (2025-02-12)	seen	1 month ago

A Mirai botnet is attempting exploitation in the wild using a new (at least to us) set of CVEs

Description

Vulnerabilities included in this bundle

Meta

Author

Combined sightings