CVE-2017-17215

Vulnerability Profile Updated a month ago
CVE-2017-17215 is a significant vulnerability found in Huawei HG532 routers, characterized as a flaw in software design or implementation. The severity of this vulnerability is underscored by its high CVSS score of 8.8, which suggests a critical risk level.

Malware has been distributed by exploiting this flaw together with exposed Hadoop YARN servers and a security flaw in Realtek SDK devices (CVE-2014-8361). Exploitation of CVE-2017-17215 was observed during the infection process for HinataBot, a botnet malware that was seen leveraging the vulnerability in the miniigd SOAP service on Realtek SDK devices (CVE-2014-8361), Huawei HG532 routers (CVE-2017-17215), and exposed Hadoop YARN servers. This multi-vector approach allowed the malware to infect a wide range of devices and networks, demonstrating the extensive reach of this vulnerability.

Over a 30-day period, there was a notable daily detection count related to the remote code execution vulnerability in Huawei HG532 routers (CVE-2017-17215). This data, represented in Figure 5, provides evidence of the widespread exploitation of this vulnerability. The high frequency of detections underscores the urgent need for patching and remediation to secure vulnerable devices and protect against future attacks.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Akamai
Malware
Hadoop
exploitation
Exploit
Botnet
Associated Malware
ID | Type | Votes | Profile Description
Mirai | Unspecified | 1 | Mirai is a notorious malware that targets Internet of Things (IoT) devices to form a botnet, which can then be used to launch distributed denial-of-service (DDoS) attacks. In early 2022, Mirai botnets accounted for over 7 million detections, highlighting the widespread nature of this threat. However
Associated Threat Actors
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2014-8361 | Unspecified | 1 | CVE-2014-8361 is a significant software vulnerability found in Realtek SDK devices. This flaw in the software design or implementation allows for exploitation by malicious actors, often leading to unauthorized access and control of the affected systems. The vulnerability is particularly notable due
Webserver Rce | Unspecified | 1 | None
Source Document References
Information about the CVE-2017-17215 Vulnerability was read from the documents corpus below.
Source | Created | Title
SANS ISC | 7 months ago | Routers Targeted for Gafgyt Botnet [Guest Diary] - SANS Internet Storm Center
CERT-EU | a year ago | New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks
CERT-EU | 8 months ago | Mirai Botnet’s New Wave: hailBot,kiraiBot, catDDoS, and Their Fierce Onslaught
Fortinet | a year ago | 2022 IoT Threat Review | FortiGuard Labs
CERT-EU | a year ago | The Good, the Bad and the Ugly in Cybersecurity – Week 12 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware – National Cyber Security Consulting
CERT-EU | a year ago | 'HinataBot' discovered, a botnet that may be able to generate DDoS attacks of 3.3 Tbps