Critical Zyxel NAS vulnerability targeted by Mirai-like botnet

Hackread reports that outdated Zyxel network-attached storage devices are being subjected to intrusions by a Mirai-like botnet exploiting the critical Python code injection flaw, tracked as CVE-2024-29973.

Exploiting CVE-2024-29973 would allow compromised Zyxel NAS devices to be enlisted in a botnet that could then be leveraged for distributed denial-of-service attacks against critical infrastructure and other organizations, especially in Europe, which accounts for most of the vulnerable Zyxel NAS instances, according to a report from Censys.

The activity comes months after researchers from Outpost24's Vulnerability Research Department reported that the Mirai-like botnet has been targeting the flaw, along with two other critical bugs impacting the devices: the NsaRescueAngel backdoor account bug, tracked as CVE-2024-29972, and the persistent remote code execution flaw, tracked as CVE-2024-29974. Organizations running the affected Zyxel NAS models, NAS326 on versions prior to V5.21(AAZF.16)C0 and NAS542 on versions prior to V5.21(ABAG.13)C0, have been urged to immediately apply the patches issued by Zyxel.