New botnet exploits vulnerabilities in NVRs, TP-Link routers - BleepingComputer

  1. CVE-2024-5035: This vulnerability affects TP-Link Archer C5400X router models and allows an unauthenticated remote attacker to execute arbitrary commands on the device, giving full control over it. TP-Link fixed the flaw in firmware version 1_1.1.7; routers on earlier firmware should be updated before any other mitigation is considered.

  2. National Security Risk: The U.S. government is considering banning TP-Link routers starting next year if ongoing investigations conclude that their use in cyberattacks poses a national security risk.

Beyond vendor updates, users can replace the stock firmware with OpenWrt, a community-maintained Linux firmware that receives security fixes independently of the vendor. Flashing is only an option for models and hardware revisions listed in OpenWrt's table of hardware, it typically voids the warranty, and a bad flash can brick the device, so confirm the exact model and revision first. Third-party firmware removes the vulnerable vendor code, but a router running an unmaintained OpenWrt build is no safer than one on old stock firmware, so it must be kept current as well.

Malware Exploits on NVR Systems

  1. General Malware Threats: Ongoing phishing campaigns are targeting automotive, chemical and industrial manufacturing companies in Germany and the UK, abusing HubSpot's Free Form Builder to host lures that steal Microsoft Azure account credentials.

  2. Specific Malware Exploits:

    • Apache Struts Vulnerability: Threat actors are attempting to exploit a recently disclosed flaw in the Struts file upload logic (CVE-2024-53677) using public proof-of-concept code. The flaw lets an attacker use path traversal in the upload file name to write a file outside the intended directory, and where a web shell can be dropped into a served location this becomes remote code execution. Affected versions are 2.0.0 to 2.5.33 and 6.0.0 to 6.3.0.2; the fix is in 6.4.0, but upgrading alone is not enough: applications must also migrate from the deprecated FileUploadInterceptor to the new Action File Upload mechanism.
    • ProjectSend Vulnerability: The ProjectSend open-source file-sharing application has an improper authentication flaw (CVE-2024-11680) that is being exploited in the wild. Unauthenticated remote attackers can send crafted HTTP requests to change application settings, create accounts and upload web shells. A fix was committed in May 2023 and shipped in release r1750 in 2024; instances on earlier releases remain exposed.
    • Avast Anti-Rootkit Driver Exploit: A malware campaign drops a legitimately signed but vulnerable version of the Avast Anti-Rootkit driver (aswArPot.sys) and loads it to run code at kernel level, terminate security products and take control of the system, a bring-your-own-vulnerable-driver (BYOVD) attack. Blocking the driver with Windows Defender Application Control or Microsoft's vulnerable driver blocklist mitigates this class of attack.
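
The Apache Struts item above describes a file upload flaw that turns into code execution through path traversal in the upload file name. The following is an added example, not code from the BleepingComputer article or from Apache Struts: it shows the vulnerability class, an upload handler that builds the destination path from a client-controlled file name, beside a hardened handler. The multipart body, the field name, the allowlist and UPLOAD_ROOT are constructed for the illustration and do not reproduce Struts internals.

```python
"""
Added example, not code from the BleepingComputer article or from Apache Struts.
It demonstrates the vulnerability class behind CVE-2024-53677 (client-controlled
upload file name used to build the destination path) and a hardened handler.
All paths, field names and the request body below are constructed.
"""
import posixpath
import re

UPLOAD_ROOT = "/var/app/uploads"          # hypothetical upload directory
ALLOWED_EXT = {".png", ".jpg", ".pdf"}     # hypothetical allowlist for this app
SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def parse_multipart(body: bytes, boundary: str) -> dict:
    """Minimal multipart/form-data parser: {field: (filename or None, payload)}."""
    delim = b"--" + boundary.encode()
    parts = {}
    for chunk in body.split(delim)[1:]:
        if chunk.startswith(b"--"):           # closing delimiter "--boundary--"
            break
        header_blob, _, payload = chunk.lstrip(b"\r\n").partition(b"\r\n\r\n")
        if payload.endswith(b"\r\n"):         # CRLF that precedes the next delimiter
            payload = payload[:-2]
        disposition = ""
        for line in header_blob.decode("latin-1").split("\r\n"):
            key, _, value = line.partition(":")
            if key.strip().lower() == "content-disposition":
                disposition = value
        name = re.search(r'(?:^|;)\s*name="([^"]*)"', disposition)
        filename = re.search(r'filename="([^"]*)"', disposition)
        parts[name.group(1) if name else None] = (
            filename.group(1) if filename else None, payload)
    return parts


def vulnerable_target_path(client_filename: str) -> str:
    """Flawed pattern: the client-supplied name is joined under UPLOAD_ROOT unchecked.
    "../" segments walk out of the root, and an absolute name replaces it entirely."""
    return posixpath.normpath(posixpath.join(UPLOAD_ROOT, client_filename))


def hardened_target_path(client_filename: str) -> str:
    """Keep only the final path component, allowlist characters and extension,
    then verify the resolved path is still inside UPLOAD_ROOT."""
    name = client_filename.replace("\\", "/").rsplit("/", 1)[-1]
    if name.startswith(".") or not SAFE_NAME.match(name):
        raise ValueError(f"rejected file name {client_filename!r}")
    if posixpath.splitext(name)[1].lower() not in ALLOWED_EXT:
        raise ValueError(f"rejected extension in {name!r}")
    target = posixpath.normpath(posixpath.join(UPLOAD_ROOT, name))
    if posixpath.commonpath([UPLOAD_ROOT, target]) != UPLOAD_ROOT:
        raise ValueError("resolved path escaped the upload root")
    return target


def screen_upload(body: bytes, boundary: str) -> dict:
    """For each file part, report where the flawed and hardened handlers would write."""
    report = {}
    for field, (filename, _) in parse_multipart(body, boundary).items():
        if filename is None:
            continue
        try:
            hardened = hardened_target_path(filename)
            reason = "accepted"
        except ValueError as exc:
            hardened, reason = None, str(exc)
        report[field] = {"client_name": filename,
                         "naive_path": vulnerable_target_path(filename),
                         "hardened_path": hardened,
                         "reason": reason}
    return report


BOUNDARY = "----exampleBoundary"
# Constructed request body: the file name carries a traversal sequence aimed at a
# servlet container's web root, which is how an upload flaw becomes code execution.
MALICIOUS_BODY = (
    b"------exampleBoundary\r\n"
    b'Content-Disposition: form-data; name="upload"; filename="../../webapps/ROOT/shell.jsp"\r\n'
    b"Content-Type: application/octet-stream\r\n\r\n"
    b"<%-- placeholder for server-side code --%>\r\n"
    b"------exampleBoundary--\r\n"
)

if __name__ == "__main__":
    for field, info in screen_upload(MALICIOUS_BODY, BOUNDARY).items():
        print(field, info)
```

The property to take away is that the server, not the client, decides the final path component: the hardened handler strips directories, rejects dotfiles and unexpected extensions, and still re-checks the resolved path against the root as a last line of defence. The same discipline applies to any parameter a framework exposes for overriding an upload's file name.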

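The Avast driver item above is a bring-your-own-vulnerable-driver attack, and the practical question for a defender is how such a load shows up in telemetry. The following is an added example, not code from the article or from Trellix or Avast: a triage rule over Sysmon "Driver loaded" records (Event ID 6). The field names ImageLoaded, Signature and SignatureStatus are Sysmon's; the sample events are constructed, and the signer string is an assumption that should be checked against your own telemetry.

```python
"""
Added example, not code from the article or from Trellix/Avast: a triage rule
over Sysmon Event ID 6 (Driver loaded) for the BYOVD pattern described above.
Sample events are constructed; the signer string is an assumption.
"""
import ntpath

# Drivers known to be abused for BYOVD. Only the one the article names is listed;
# a production rule would load a maintained feed such as loldrivers.io.
ABUSED_DRIVER_NAMES = {"aswarpot.sys"}

# Signer of the abused driver (assumed string). Renaming the file on disk does not
# change its Authenticode signer, so the signer catches renamed copies.
ABUSED_DRIVER_SIGNERS = {"avast software s.r.o."}

# Where a legitimately installed driver is expected to live (lower-case, with a
# trailing separator so that "...\drivers_evil\" does not match).
EXPECTED_DRIVER_DIRS = (
    "c:\\windows\\system32\\drivers\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)


def classify_driver_load(event: dict) -> list:
    """Return the reasons this record is suspicious; an empty list means benign."""
    image = event.get("ImageLoaded", "")
    name = ntpath.basename(image).lower()
    signer = event.get("Signature", "").lower()
    status = event.get("SignatureStatus", "").lower()
    unexpected_dir = not any(image.lower().startswith(d) for d in EXPECTED_DRIVER_DIRS)
    reasons = []

    if name in ABUSED_DRIVER_NAMES and unexpected_dir:
        reasons.append(f"known-abused driver {name} loaded from unexpected path")
    elif name in ABUSED_DRIVER_NAMES:
        reasons.append(f"known-abused driver {name} in product path; "
                       "confirm the product is actually deployed on this host")
    if signer in ABUSED_DRIVER_SIGNERS and unexpected_dir and name not in ABUSED_DRIVER_NAMES:
        reasons.append(f"driver signed by {event['Signature']} loaded from unexpected path "
                       "under another name (possible renamed copy)")
    if status and status != "valid":
        reasons.append(f"signature status {status}")
    return reasons


def triage(events: list) -> list:
    """Return [(ImageLoaded, reasons)] for every event that raised at least one reason."""
    flagged = []
    for event in events:
        reasons = classify_driver_load(event)
        if reasons:
            flagged.append((event["ImageLoaded"], reasons))
    return flagged


# Constructed Sysmon Event ID 6 records (only the fields the rule uses).
SAMPLE_EVENTS = [
    {"ImageLoaded": r"C:\Program Files\Avast Software\Avast\aswArPot.sys",   # genuine install
     "Signature": "Avast Software s.r.o.", "SignatureStatus": "Valid"},
    {"ImageLoaded": r"C:\Users\Public\aswArPot.sys",                          # dropped copy
     "Signature": "Avast Software s.r.o.", "SignatureStatus": "Valid"},
    {"ImageLoaded": r"C:\Users\Default\AppData\Local\Temp\ntfs.bin",          # renamed copy
     "Signature": "Avast Software s.r.o.", "SignatureStatus": "Valid"},
    {"ImageLoaded": r"C:\Windows\System32\drivers\tcpip.sys",                 # ordinary driver
     "Signature": "Microsoft Windows", "SignatureStatus": "Valid"},
]

if __name__ == "__main__":
    for image, reasons in triage(SAMPLE_EVENTS):
        print(image)
        for reason in reasons:
            print("   -", reason)
```

A valid signature is exactly what makes BYOVD work, so the rule never treats "Valid" as reassuring; it keys on where the driver was loaded from and on the signer of anything loaded from a user-writable location. Alerting on the name alone would miss a renamed copy and would also fire on every host where the vendor's product is legitimately installed, which is why that case is reported separately as a check rather than an alert.
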
Summary

  • TP-Link Router Vulnerabilities: CVE-2024-5035 allows remote code execution on Archer C5400X models, posing a significant security risk.
  • National Security Considerations: The U.S. government is considering banning TP-Link routers due to potential national security risks.
  • Securing TP-Link Routers: Updating to patched firmware, or replacing the stock firmware with OpenWrt on supported models, mitigates these vulnerabilities.
  • Malware Exploits: Ongoing phishing campaigns, actively exploited vulnerabilities in Apache Struts and ProjectSend, and abuse of a vulnerable Avast driver are being used by attackers.

These updates highlight the importance of staying vigilant about device security and regularly updating software to prevent exploitation by malicious actors.