December 22, 2023 at 06:45AM
CISA released advisories for ICS vulnerabilities affecting FXC routers and QNAP NVR devices, exploited in the wild. The FXC flaw allows remote code execution via NTP server settings, affecting outlet wall routers in Japan. QNAP’s vulnerability, patched years ago, is being exploited by a Mirai-based malware campaign targeting legacy models. CISA added the flaws to its exploited vulnerabilities catalog.
Key takeaways:
– The US cybersecurity agency CISA has published industrial control system (ICS) advisories for vulnerabilities affecting Future X Communications (FXC) routers and QNAP VioStor NVR devices, cautioning organizations that the vulnerabilities have been exploited in the wild.
– The first advisory highlighted a high-severity command injection flaw (CVE-2023-49897) in AE1021 and AE1021PE outlet wall routers made by FXC, with potential for remote code execution via NTP server settings. These routers are deployed in Japan in the IT and commercial facilities critical infrastructure sectors.
– The second advisory covers a similar high-severity flaw (CVE-2023-47565) affecting QNAP VioStor NVR devices, used worldwide in the commercial facilities critical infrastructure sector.
– Both FXC and QNAP have released patches for the vulnerabilities, with emphasis on the need for users to take action promptly due to active exploitation in the wild.
– Notably, the QNAP vulnerability was actually patched almost ten years ago, but exploitation is targeting legacy models that are no longer supported.
– The vendors' own security advisories did not mention active exploitation, but cybersecurity firm Akamai has observed the vulnerabilities being leveraged in a campaign named InfectedSlurs, in which a Mirai-based malware is installed with the aim of building a distributed denial-of-service (DDoS) botnet.
– Exploitation requires authentication, but the attackers are capitalizing on the fact that users have not changed the weak default passwords the devices were shipped with.
– CISA has included the flaws in its known exploited vulnerabilities catalog.
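The FXC flaw is an instance of a settings field whose value reaches a shell. As an added illustration (not code from FXC, QNAP, CISA or the article), the following hypothetical NTP-server setting handler shows the injectable pattern beside a hardened one that validates the value as a hostname or IP literal and hands it to the process as an argv list; `ntpdate -u` is an assumed command and the input strings are constructed.

```python
import ipaddress
import re

# RFC 1123 hostname label: letters, digits, hyphens; 1-63 chars; no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def build_ntp_command_unsafe(server: str) -> str:
    """Injectable pattern: the submitted value is spliced into a shell string.
    Anything after a shell metacharacter survives into the command.
    Returned rather than executed so the behaviour can be inspected safely."""
    return f"ntpdate -u {server}"  # assumed command; hypothetical handler


def is_valid_ntp_server(server: str) -> bool:
    """Accept only an IPv4/IPv6 literal or an RFC 1123 hostname."""
    if not server or len(server) > 253:
        return False
    try:
        ipaddress.ip_address(server)  # raises ValueError if not an IP literal
        return True
    except ValueError:
        pass
    labels = server.rstrip(".").split(".")
    return all(_LABEL.match(label) for label in labels)


def build_ntp_command_safe(server: str) -> list[str]:
    """Hardened pattern: validate with an allow-list, then return an argv list
    suitable for subprocess.run(argv, shell=False); no shell ever parses it."""
    if not is_valid_ntp_server(server):
        raise ValueError(f"rejected NTP server value: {server!r}")
    return ["ntpdate", "-u", server]


if __name__ == "__main__":
    # Constructed inputs: a legitimate hostname and a value carrying a shell metacharacter.
    for value in ("pool.ntp.org", "ntp.example.com; echo injected"):
        print("unsafe:", build_ntp_command_unsafe(value))
        try:
            print("safe:  ", build_ntp_command_safe(value))
        except ValueError as exc:
            print("safe:  ", exc)
```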