Mirai Botnet Targets Flaw in Discontinued D-Link Routers
Briefly

"The router extracts the value that ends up in the command buffer from the request body without checking which form field it came from, leading to potential exploitation."
"D-Link strongly recommends that this product be retired and cautions that any further use of this product may be a risk to devices connected to it."
"Mirai malware campaigns continue to plague the industry, with much of the original source code continuing to be reused by various threat actors, both skilled and unskilled."
A Mirai botnet is exploiting CVE-2025-29635, a command injection vulnerability in discontinued D-Link routers. The vulnerability allows attackers to manipulate function values through crafted POST requests because those values are not validated. The exploitation attempts mirror a previously published proof-of-concept exploit. Affected devices include D-Link DIR-823X series routers, which no longer receive updates. D-Link advises retiring these products due to security risks. The threat actor has also targeted vulnerabilities in TP-Link and ZTE routers, highlighting ongoing Mirai malware campaigns that attract various cybercriminals.
Read at SecurityWeek