Hackread reports that outdated Zyxel network-attached storage devices are being subjected to intrusions by a Mirai-like botnet exploiting the critical Python code injection flaw, tracked as CVE-2024-29973.
Targeting CVE-2024-29973 would enable compromised Zyxel NAS devices to be included in a botnet that could then be leveraged for distributed denial-of-service attacks against critical infrastructure and other organizations, especially in Europe, which accounts for most of the vulnerable Zyxel NAS instances, a report from Censys found.
Such a development comes months after researchers from Outpost24's Vulnerability Research Department reported that the Mirai-like botnet has been targeting the flaw, along with two other critical bugs impacting the devices, including the NsaRescueAngel backdoor account bug, tracked as CVE-2024-29972, and the persistent remote code execution flaw, tracked as CVE-2024-29974. Organizations with the affected Zyxel NAS models NAS326 versions prior to V5.21(AAZF.16)C0, and NAS542 versions prior to V5.21(ABAG.13)C0 have been urged to immediately apply patches issued by Zyxel.
