CVE-2017-17215

Vulnerability Profile Updated 3 months ago
CVE-2017-17215 is a significant vulnerability found in Huawei HG532 routers, characterized as a flaw in software design or implementation. Malware has been distributed by exploiting it alongside exposed Hadoop YARN servers and a security flaw in Realtek SDK devices (CVE-2014-8361). Its severity is underscored by a high CVSS score of 8.8, which suggests a critical risk level.

Exploitation of CVE-2017-17215 was observed during the infection process for HinataBot, a botnet malware. HinataBot was seen leveraging the vulnerability in the miniigd SOAP service on Realtek SDK devices (CVE-2014-8361), Huawei HG532 routers (CVE-2017-17215), and exposed Hadoop YARN servers. This multi-vector approach allowed the malware to infect a wide range of devices and networks, demonstrating the extensive reach of this vulnerability.

Over a 30-day period, there was a notable daily detection count for the remote code execution vulnerability in Huawei HG532 routers (CVE-2017-17215). This data, represented in Figure 5, provides evidence of widespread exploitation. The high frequency of detections underscores the urgent need for patching and remediation to secure vulnerable devices and protect against future attacks.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Exploit
Akamai
Malware
Hadoop
Botnet
exploitation
Associated Malware
ID: Mirai
Type: Unspecified
Votes: 1
Profile Description: Mirai is a type of malware that primarily targets Internet of Things (IoT) devices to form botnets, which are networks of private computers infected with malicious software and controlled as a group without the owners' knowledge. In early 2022, Mirai botnets accounted for over 7 million detections g

ID: Mirai Botnet
Type: Unspecified
Votes: 1
Profile Description: The Mirai botnet is a type of malware, malicious software designed to exploit and harm computer systems. It spreads by exploiting vulnerabilities in different systems, most notably through Ivanti Connect Secure bugs and the JAWS Webserver. Once inside a system, it can steal personal information, dis
Associated Threat Actors
No associations to display
Associated Vulnerabilities
ID: CVE-2014-8361
Type: Unspecified
Votes: 1
Profile Description: CVE-2014-8361 is a significant software vulnerability found in Realtek SDK devices. This flaw in the software design or implementation allows for exploitation by malicious actors, often leading to unauthorized access and control of the affected systems. The vulnerability is particularly notable due

ID: Webserver Rce
Type: Unspecified
Votes: 1
Profile Description: Webserver RCE is a software vulnerability, a flaw in the design or implementation of software that can be exploited by malicious actors. One such actor is Kyton, a Gafgyt/Mirai hybrid botnet, which reuses code from other Mirai variants to exploit several vulnerabilities including CVE-2017-17215 (Hua
Source Document References
Information about the CVE-2017-17215 Vulnerability was read from the documents corpus below.
Source (Created At): Title
InfoSecurity-magazine (a month ago): Cyber Attackers Turn to Cloud Services to Deploy Malware
Fortinet (a month ago): The Growing Threat of Malware Concealed Behind Cloud Services | FortiGuard Labs
SANS ISC (9 months ago): Routers Targeted for Gafgyt Botnet [Guest Diary] - SANS Internet Storm Center
CERT-EU (10 months ago): Mirai Botnet’s New Wave: hailBot, kiraiBot, catDDoS, and Their Fierce Onslaught
Fortinet (a year ago): 2022 IoT Threat Review | FortiGuard Labs
CERT-EU (a year ago): New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks
CERT-EU (a year ago): Found: 'HinataBot', a Botnet That Could Launch 3.3 Tbps DDoS Attacks
CERT-EU (a year ago): The Good, the Bad and the Ugly in Cybersecurity – Week 12 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware – National Cyber Security Consulting