A variant of the Mirai botnet called Beastmode has been observed adopting exploits for newly disclosed vulnerabilities in TOTOLINK routers between February and March 2022 to infect unpatched devices and potentially expand its reach.

“The Beastmode (aka B3astmode) Mirai-based DDoS campaign has aggressively updated its arsenal of exploits,” Fortinet’s FortiGuard Labs Research team said. “Five new exploits were added within a month, with three targeting various models of TOTOLINK routers.”

The list of exploited vulnerabilities in TOTOLINK routers is as follows –

  • CVE-2022-26210 (CVSS score: 9.8) – A command injection vulnerability that could be exploited to gain arbitrary code execution
  • CVE-2022-26186 (CVSS score: 9.8) – A command injection vulnerability affecting TOTOLINK N600R and A7100RU routers, and
  • CVE-2022-25075 to CVE-2022-25084 (CVSS scores: 9.8) – Command injection vulnerabilities impacting multiple TOTOLINK routers, leading to code execution
