Botnets Continue To Target Aging D-Link Vulnerabilities
Fortinet News, Thursday, December 26th, 2024
FortiGuard Labs noticed a spike in the activity of two different botnets in October and November of 2024. One was the Mirai variant 'FICORA,' and the other was the Kaiten variant 'CAPSAICIN.'
These botnets are frequently spread through documented D-Link vulnerabilities that allow remote attackers to execute malicious commands via a GetDeviceSettings action on the HNAP (Home Network Administration Protocol) interface. This HNAP weakness was first exposed almost a decade ago, with numerous devices affected by a variety of CVE numbers, including CVE-2015-2051, CVE-2019-10891, CVE-2022-37056, and CVE-2024-33112.