CISA: Exploitation of QNAP NVR, Future X Communication router flaws underway

SecurityWeek reports that organizations in the IT and commercial critical infrastructure industries have been warned by the Cybersecurity and Infrastructure Security Agency regarding ongoing attacks leveraging already addressed vulnerabilities impacting QNAP network video recorder devices and Future X Communications routers, which have already been added to the agency's Known Exploited Vulnerabilities catalog. CISA's advisories regarding intrusions exploiting the high-severity flaw affecting QNAP VioStor NVR devices, tracked as CVE-2023-47565, and the high-severity command injection bug in FXC's AE1021 and AE1021PE outlet wall routers, tracked as CVE-2023-49897, come after Akamai reported active exploitation as part of the InfectedSlurs campaign. "The malicious payloads captured in the wild install a Mirai-based malware with the intention of creating a distributed denial-of-service (DDoS) botnet," said Akamai. Both flaws, which may have stemmed from the devices' default passwords, were already patched by their respective vendors, with QNAP remediating the flaw in a firmware version that launched almost 10 years ago.