CVE-2017-17215

Vulnerability updated 5 months ago (2024-05-04T19:13:41.735Z)

Download STIX

Preview STIX

CVE-2017-17215 is a significant vulnerability found in Huawei HG532 routers, characterized as a flaw in software design or implementation. This vulnerability has been exploited to distribute malware through exposed Hadoop YARN servers and security flaws in Realtek SDK devices (CVE-2014-8361) and Huawei HG532 routers. The severity of this vulnerability is underscored by its high CVSS score of 8.8, which suggests a critical risk level. The exploitation of CVE-2017-17215 was observed during the infection process for HinataBot, a type of malware. This botnet malware was seen leveraging the vulnerability in the miniigd SOAP service on Realtek SDK devices (CVE-2014-8361), Huawei HG532 routers (CVE-2017-17215), as well as exposed Hadoop YARN servers. This multi-vector approach allowed the malware to infect a wide range of devices and networks, demonstrating the extensive reach of this vulnerability. Over a 30-day period, there was a notable daily detection count related to the remote code execution vulnerability in Huawei HG532 routers (CVE-2017-17215). This data, represented in Figure 5, provides evidence of the widespread exploitation of this vulnerability. The high frequency of detections underscores the urgent need for patching and remediation efforts to secure vulnerable devices and protect against potential future attacks.

Description last updated: 2024-05-04T17:10:57.207Z

What's your take? (Question 1 of 0)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

Alias Description	Association Type	Votes
The CVE-2014-8361 Vulnerability is associated with CVE-2017-17215. CVE-2014-8361 is a significant software vulnerability discovered in the design and implementation of Realtek SDK devices, Hadoop YARN servers, and Huawei HG532 routers. This flaw allows for command injection, enabling an attacker to execute arbitrary commands via SOAP, a protocol used for exchanging	Unspecified	2

Source Document References

Information about the CVE-2017-17215 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Fortinet	a month ago	Threat Actors Exploit GeoServer Vulnerability CVE-2024-36401 \| FortiGuard Labs
InfoSecurity-magazine	2 months ago	Unpatched CCTV Cameras Exploited to Spread Mirai Variant
Securityaffairs	2 months ago	Corona Mirai botnet spreads via AVTECH CCTV zero-day
InfoSecurity-magazine	4 months ago	Cyber Attackers Turn to Cloud Services to Deploy Malware
Fortinet	4 months ago	The Growing Threat of Malware Concealed Behind Cloud Services \| FortiGuard Labs
SANS ISC	a year ago	Routers Targeted for Gafgyt Botnet [Guest Diary] - SANS Internet Storm Center
CERT-EU	a year ago	Mirai Botnet’s New Wave: hailBot,kiraiBot, catDDoS, and Their Fierce Onslaught
Fortinet	2 years ago	2022 IoT Threat Review \| FortiGuard Labs
CERT-EU	2 years ago	New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks
CERT-EU	2 years ago	พบ 'HinataBot' บอทเน็ตที่อาจสร้างการโจมตี DDoS ขนาด 3.3 Tbps ได้
CERT-EU	2 years ago	The Good, the Bad and the Ugly in Cybersecurity – Week 12 \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware – National Cyber Security Consulting