InfectedSlurs: The most dangerous enemy of your NVR device

Brother

Akamai researchers identify new methods of attacking vulnerable network devices.

In late November, we reported on the InfectedSlurs botnet, which exploits vulnerabilities in QNAP VioStor NVR devices to carry out DDoS attacks. According to Akamai researchers, the botnet started operating in late 2022.

Initially, Akamai did not disclose details of the vulnerabilities being exploited while it waited for the manufacturers to release fixes, but it has now published additional reports on the identified security flaws.

The first vulnerability used by the botnet is tracked as CVE-2023-49897 and affects the FXC AE1021 and AE1021PE Wi-Fi routers. The manufacturer released a security update on December 6, 2023 with a recommendation to do a factory reset and change the default password after installing the fix.

The second vulnerability, identified as CVE-2023-47565, is a serious command injection flaw that affects QNAP VioStor NVR devices running QVR 4.x firmware. QNAP issued a security advisory on December 7, 2023, in which it reported that the issue was resolved in QVR 5.x and later firmware, which is available for all supported models.

Given that the proprietary QNAP software version 5.0.0 was released almost a decade ago, it is assumed that the InfectedSlurs botnet targets outdated VioStor NVR models whose firmware has not been updated since the initial installation.

For vulnerable NVR devices, the manufacturer recommends following these steps:
  1. Log in to QVR as an administrator, go to Control Panel → System Settings → Software Update.
  2. Find the appropriate software version for your model and start updating.
  3. After performing the update, we recommend resetting the device to factory settings, as well as changing user passwords via the Control Panel → Privileges → Users → Change your password.

VioStor NVR models that have reached End-of-Life (EOL) status will not receive an update that includes firmware 5.x or later. The only solution for such devices is to replace them with more modern models.
 