The last week has seen a huge surge in Mozi botnet [1] activity from compromised CPEs (routers) on Hathway (AS17488), BSNL (AS9829) and other networks.
Some of the affected CPEs, along with mitigation, as outlined by Netlab 360 [2]:
| Vulnerability | Affected devices |
|---|---|
| Eir D1000 Wireless Router RCI | Eir D1000 Router |
| Vacron NVR RCE | Vacron NVR devices |
| CVE-2014-8361 | Devices using the Realtek SDK |
| Netgear cgi-bin Command Injection | Netgear R7000 and R6400 |
| Netgear setup.cgi unauthenticated RCE | DGN1000 Netgear routers |
| JAWS Webserver unauthenticated shell command execution | MVPower DVR |
| CVE-2017-17215 | Huawei Router HG532 |
| HNAP SoapAction-Header Command Execution | D-Link Devices |
| CVE-2018-10561, CVE-2018-10562 | GPON Routers |
| UPnP SOAP TelnetD Command Execution | D-Link Devices |
| CCTV/DVR Remote Code Execution | CCTV DVR |
IMO, affected devices may not be limited to the ones outlined above.
Mitigation - Here are general steps you can take to mitigate this issue:
1. Restart the router
2. Set a strong login password
3. Disable remote access to the router (if enabled)
4. Patch your router - To check whether your router has any Common Vulnerabilities and Exposures (CVE) entries, search the CVE list [3]. Regardless of the result, it's recommended to update the router's firmware
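Step 4 can be automated. The script below is an added example, not part of the original post or of Netlab 360's material: it queries the NVD CVE API for a router model keyword (for instance a model from the table above) and lists the high-severity hits. The endpoint URL, the `keywordSearch` parameter and the response layout it parses are assumptions about NVD's API 2.0, and `SAMPLE` is constructed data so the parser can be run offline.

```python
"""Added example (not part of the original post): automate step 4 by querying
the NVD CVE API for a router model keyword and summarising the hits.
Assumptions: the NVD API 2.0 endpoint, its keywordSearch parameter and the
response layout parsed below; SAMPLE is constructed test data."""
import json
import urllib.parse
import urllib.request

NVD_API = "https://services.nvd.nist.gov/rest/json/cves/2.0"


def fetch_cves(keyword, timeout=30):
    """Query NVD for CVEs whose text mentions keyword (needs network)."""
    url = NVD_API + "?" + urllib.parse.urlencode({"keywordSearch": keyword})
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)


def summarise(nvd_json, min_score=7.0):
    """Return (cve_id, score, description) for CVEs scoring >= min_score.
    Prefers CVSS v3.1, then v3.0, then v2; a CVE with no metric at all is
    kept with score None rather than silently dropped."""
    hits = []
    for item in nvd_json.get("vulnerabilities", []):
        cve = item["cve"]
        metrics = cve.get("metrics", {})
        score = None
        for key in ("cvssMetricV31", "cvssMetricV30", "cvssMetricV2"):
            if metrics.get(key):
                score = metrics[key][0]["cvssData"]["baseScore"]
                break
        if score is not None and score < min_score:
            continue
        desc = next((d["value"] for d in cve.get("descriptions", [])
                     if d.get("lang") == "en"), "")
        hits.append((cve["id"], score, desc))
    return hits


# Constructed sample shaped like an NVD API 2.0 reply so the parser runs
# offline; the CVE id and device model come from the post's table.
SAMPLE = {"vulnerabilities": [
    {"cve": {"id": "CVE-2017-17215",
             "descriptions": [{"lang": "en", "value": "Huawei HG532 (constructed text)"}],
             "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 8.8}}]}}},
    {"cve": {"id": "CVE-0000-0000",  # placeholder id for a low-severity entry
             "descriptions": [{"lang": "en", "value": "constructed low-severity issue"}],
             "metrics": {"cvssMetricV2": [{"cvssData": {"baseScore": 4.3}}]}}},
]}

if __name__ == "__main__":
    for cve_id, score, desc in summarise(SAMPLE):  # swap in fetch_cves("HG532")
        print(cve_id, score, desc)
```

Only hits at or above the CVSS threshold are listed, so lower `min_score` if you want the complete picture for a model before deciding whether a firmware update is overdue.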
[1]: New Malware Family Assembles IoT Botnet
[2]: Mozi, Another Botnet Using DHT
[3]: CVE - Search CVE List