Intel Name: Botnets continue to target aging d-link vulnerabilities
Date of Scan: December 27, 2024
Impact: Medium
Summary: In October and November 2024, a surge in activity was observed by two botnets, the Mirai variant “FICORA” and the Kaiten variant “CAPSAICIN,” both exploiting aging D-Link vulnerabilities. These vulnerabilities, primarily through the HNAP interface, allow remote attackers to execute malicious commands. The flaws, first exposed nearly a decade ago, are linked to various CVEs, including CVE-2015-2051, CVE-2019-10891, CVE-2022-37056, and CVE-2024-33112. Despite being well-known, these vulnerabilities continue to facilitate the spread of the botnets, with attackers reusing older techniques to compromise devices.