Critical Vulnerability Found in Linux-Based Ruckus Access Points
A critical vulnerability has been found that allows remote attackers to take control of Linux-based Ruckus access points. The vulnerability, tracked as CVE-2023-25717, was discovered in February of this year and was reported by Fortinet in a recent blog post. The company warns that the vulnerability is being exploited by a new botnet campaign called AndoryuBot, which has been spreading rapidly since the second half of April.
AndoryuBot exploits the Ruckus vulnerability to gain a foothold on targeted devices, after which it downloads a dedicated script used to spread further. The botnet targets Linux systems and can infect devices built on different types of processors, including those used in smartphones, laptops and other electronic devices.
“After the infection of the target device, AndoryuBot quickly spreads and starts communicating with its SOCKS5 control server. And having received a command to attack, the victim system launches a DDoS attack against a certain IP address and port,” explained Cara Lin, senior Fortinet antivirus analyst.
Fortinet advises users to be aware of this new threat and to promptly install patches on affected devices to protect against the exploit. In its report, Fortinet provided IPS signatures for its customers and indicators of compromise (IoCs) for security specialists to protect their companies from threats related to the exploit.
The discovery of the vulnerability underscores the importance of taking a proactive approach to cybersecurity and regularly updating software to prevent exploits.