A zero-day remote code execution (RCE) vulnerability in the Huawei home router HG532 has been discovered by Check Point security researchers.
The RCE vulnerability (CVE-2017-17215) was spotted by Check Point on November 27, 2017 as hundreds of thousands of exploit attempts were discovered in the wild, most notably in the USA, Italy, Germany and Egypt, to name a few.
According to the Check Point report, the delivered malware payload was identified as OKIRU/SATORI, a new variant of Mirai. The alleged threat actor behind the attacks appears to be nicknamed ‘Nexus Zeta’.
Huawei launched an investigation after the discovery and confirmed an authenticated attacker could send malicious packets to port 37215 to launch attacks used to exploit the vulnerability, then perform remote execution of arbitrary code.
Huawei recommended the following mitigations to help prevent the exploit of the vulnerability:
1) Configure the built-in firewall function.
2) Change the default password.
3) Deploy a firewall at the carrier side.