CISA issued advisories regarding vulnerabilities in FXC routers and QNAP network video recorder devices, both exploited in the wild. The FXC flaw, CVE-2023-49897, allows remote code execution via NTP server settings on AE1021/AE1021PE wall routers used in Japan’s critical infrastructure sectors. The QNAP VioStor NVR devices suffer from CVE-2023-47565, a high-severity flaw patched years ago, impacting legacy models no longer supported. While both vendors released patches, the exploits, observed in the InfectedSlurs campaign by Akamai, install Mirai-based malware for DDoS botnet creation. The cybercriminals are leveraging default passwords users failed to change, highlighting the significance of immediate action to mitigate risks.

Read more: https://www.securityweek.com/cisa-warns-of-fxc-router-qnap-nvr-vulnerabilities-exploited-in-the-wild/