New Mirai campaign exploits RCE flaw in EoL D-Link routers
Summary
A new Mirai malware campaign is actively exploiting CVE-2025-29635, a critical RCE vulnerability in EoL D-Link DIR-823X routers. This flaw allows attackers to inject commands and enlist compromised devices into the Mirai botnet.
IFF Assessment
Exploitation of an RCE vulnerability in widely deployed, end-of-life devices by an established botnet works against defenders: the affected routers are unlikely to receive a vendor fix, so the exposed population stays large and the botnet's capacity grows with it.
Severity
The vulnerability allows Remote Code Execution (RCE) through command injection, giving an attacker full control of the device; at scale this translates into broad botnet enrolment. Impact is high across Confidentiality, Integrity, and Availability, and the attack vector is network-based and easy to exploit.
Defender Context
This campaign highlights the continuing threat from IoT botnets such as Mirai and the risk of keeping end-of-life network equipment in service. Because the DIR-823X is end-of-life, a vendor patch should not be assumed: defenders should locate affected routers, replace them (or isolate them from untrusted networks until they can be replaced), and monitor network traffic for Mirai activity, in particular the outbound telnet scanning that Mirai bots use to find further victims.
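One way to act on the monitoring advice above, as an added example that is not part of the original advisory: a small Python heuristic that reads flow records and flags internal hosts fanning out to many distinct destinations on TCP/23 and TCP/2323, the telnet ports Mirai bots are well known to scan. The flow line format, the sample records, and the fan-out threshold are all assumptions constructed for this example; the advisory gives no packet-level description of the CVE-2025-29635 exploit itself, so nothing here attempts to match that traffic.

```python
"""Heuristic Mirai-style telnet-scan finder over constructed flow logs.

Added example, not code from the original advisory or from D-Link.
Assumed (constructed) flow line format:
    "<unix_ts> <src_ip> <dst_ip> <dst_port> <proto>"
Mirai bots spread by scanning TCP/23 and TCP/2323 for telnet logins, so a
single source fanning out to many distinct destinations on those ports is
a useful signal. The exploit traffic for CVE-2025-29635 is not described
in the advisory and is not matched here.
"""
from collections import defaultdict

TELNET_PORTS = {23, 2323}
FANOUT_THRESHOLD = 5   # assumed tuning knob: distinct dst IPs per src

# Constructed sample flows (not real traffic). 192.168.1.1 plays the role of
# a compromised router scanning outward; the other hosts are benign noise.
SAMPLE_FLOWS = """\
1700000000 192.168.1.1 203.0.113.10 23 tcp
1700000001 192.168.1.1 203.0.113.11 23 tcp
1700000002 192.168.1.1 198.51.100.5 2323 tcp
1700000003 192.168.1.1 198.51.100.6 23 tcp
1700000004 192.168.1.1 203.0.113.77 2323 tcp
1700000005 192.168.1.1 203.0.113.78 23 tcp
1700000006 192.168.1.20 203.0.113.10 443 tcp
1700000007 192.168.1.20 192.168.1.1 23 tcp
1700000008 192.168.1.30 203.0.113.50 80 tcp
"""


def parse_flow(line):
    """Parse one constructed flow line into a dict; raises on malformed input."""
    ts, src, dst, port, proto = line.split()
    return {"ts": int(ts), "src": src, "dst": dst,
            "port": int(port), "proto": proto.lower()}


def telnet_fanout(lines):
    """Map src_ip -> set of distinct dst IPs it contacted on telnet ports."""
    fanout = defaultdict(set)
    for line in lines:
        if not line.strip():
            continue
        flow = parse_flow(line)
        if flow["proto"] == "tcp" and flow["port"] in TELNET_PORTS:
            fanout[flow["src"]].add(flow["dst"])
    return fanout


def suspected_scanners(lines, threshold=FANOUT_THRESHOLD):
    """Return sources whose telnet fan-out meets the threshold, sorted."""
    return sorted(src for src, dsts in telnet_fanout(lines).items()
                  if len(dsts) >= threshold)


def report(lines, threshold=FANOUT_THRESHOLD):
    """Human-readable summary for each flagged source."""
    fanout = telnet_fanout(lines)
    return [f"{src}: {len(fanout[src])} distinct telnet targets "
            f"(threshold {threshold})"
            for src in suspected_scanners(lines, threshold)]


if __name__ == "__main__":
    for row in report(SAMPLE_FLOWS.splitlines()):
        print(row)
```

The threshold is deliberately low so the constructed sample trips it; on a real network, tune it against a baseline of legitimate telnet use (which should be close to zero from a consumer router) and feed the function from your flow exporter's own format by adapting `parse_flow`.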