Vulnerability Management, IoT, Network Security, Threat Intelligence

Discontinued D-Link routers subjected to Mirai botnet targeting

Security Affairs reports that end-of-life D-Link DIR-823X routers vulnerable to the command injection flaw tracked as CVE-2025-29635 have been targeted by Mirai botnet intrusions since early March, about a year after the security issue was initially disclosed.

Abuse of the vulnerability in affected D-Link routers, which were discontinued last year, enabled the loading of a shell script that retrieved the Mirai variant "tuxnokill", which uses XOR encoding and features typical Mirai strings, an analysis from the Akamai Security Intelligence and Response Team showed. The Mirai activity was also observed exploiting the TP-Link AX21 bug, tracked as CVE-2023-1389, and another remote code execution issue impacting ZTE ZXV10 H108L routers.

"Many threat actors in the botnet space frequently target older vulnerabilities. Especially when public PoC exploits exist for these vulnerabilities, attackers can easily incorporate them into their exploitation vectors," said Akamai researchers, who called on organizations to promptly remediate disclosed security flaws.
