Ad End 1 August 2026
Ad End 4 july 2026
ad End 17 June 2026
ad End 25 July 2026
banner Expire 27 September 2026
adv exp at 20 April 2026
banner Expire 25 July 2025
Ads end 31 October 2026
What's new
Ad expires at 9 July 2026
Ads end 31 October 2026
Wizard's shop 2.0
RonalClub cc shop
Patrick Stash
Luki Crown
best shop
best shop

Dark_Code_x

TRUSTED VERIFIED SELLER
Staff member
Joined
Jun 28, 2020
Messages
6,905
Reaction score
753
Points
212
Awards
2
  • Somebody Likes you
  • First post
The attacks began in late November or early December last year and may still be ongoing.






Netlab researchers at Qihoo 360, a Chinese security company, reported two recently discovered malicious campaigns in which cybercriminals exploited zero-day vulnerabilities in Taiwanese-based DrayTek network devices.

According to experts, at least two separate cybercriminal groups used two critical remote command injection vulnerabilities ( CVE-2020-8515 ), affecting corporate switches, load balancers, routers and VPN gateways of DrayTek Vigor to intercept network traffic and install backdoors.

According to experts, the attacks began in late November or early December last year and may still continue against thousands of vulnerable Vigor 2960, 3900, 300B devices that have not yet received the latest firmware.

NetLab researchers did not associate the attacks with any particular grouping, but confirmed that the first group simply spied on network traffic, and the second used the command injection vulnerability in rtick to create backdoors and a system account with the username “wuwuhanhan” and the password “caonimuqin”.

According to experts, installing a fixed version of the firmware will not delete backdoor accounts automatically if the system has already been compromised.

Problems affect Vigor2960 versions below 1.5.1, Vigor300B below 1.5.1, Vigor3900 below 1.5.1, VigorSwitch20P2121 2.3.2 and below, VigorSwitch20G1280 2.3.2 and below, VigorSwitch20P1280 v2.3.2 and below, VigorSwitch20G2280 v2.3.2 and below VigorSwitch20G2280 v2.3.2 and below v2.3.2 and below. The manufacturer fixed the vulnerability in firmware version 1.5.1.
 
Ad End 1 November 2024
Top