A new Mirai-based botnetis actively exploiting a remote code execution vulnerability that has not received a tracker number and appears to be unpatched in DigiEver DS-2105 Pro NVRs.
The campaign started in October and targets multiple network video recorders and TP-Link routers with outdated firmware.
One of the vulnerabilities used in the campaign was documented by TXOne researcher Ta-Lun Yen and presented last year at the DefCamp security conference in Bucharest, Romania. The researcher said at the time that the issue affects multiple DVR devices.
Akamai researchers observed that the botnet started to exploit the flaw in mid-November, but found evidence that the campaign has been active since at least September.
Apart from the DigiEver flaw, the new Mirai…