A new botnet is spreading Mirai across the world, with thousands of devices affected

Given that the zero-days are yet to receive a patch, Akamai was careful not to give out too much information and point even more hackers in the right direction.

Weak credentials

“Although this information is limited, we felt it was our responsibility to alert the community about the ongoing exploitation of these CVEs in the wild. There is a thin line between responsible disclosing information to help defenders, and oversharing information that can enable further abuse by hordes of threat actors,” the company stressed.

All the researchers said is that the attackers found the flaws in at least one model of a network video recorder, as well as in an “outlet-based wireless LAN router built for hotels and residential applications.” The manufacturer is a Japanese firm that “produces multiple switches and routers”.

As for the specifics of the vulnerability itself, it was found in a “very common” feature, which led the researchers to speculate that other router models sold by the same manufacturer might have it, too. 

The flaws grant remote code execution (RCE) abilities, and while those are currently used to drop Mirai, they could be used for virtually any other malware out there. The silver lining is that in order to abuse the flaw, the attacker first needs some form of authentication. That’s why the attackers seem to be going for endpoints with weak or non-existent credentials. Those with passwords such as “password” or “password1” are the first in line to be compromised. 

Akamai notified both manufacturers of the discovered flaws, and while one acknowledged the findings and promised a patch next month, the other one is silent. The status of that patch is currently unknown.

More from TechRadar Pro

• DDoS attacks are getting bigger and more powerful, and that's a really bad thing
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now