New Mirai Variant Targets CVE-2020-10173 and Other New Flaws

Written by Bill Toulas
Last updated September 24, 2021

For a botnet malware to be successful, it needs to rely on flawless distribution, the ability to break in a wide range of systems and stay hidden from whatever security mechanisms are in place. According to recent reports that come from Trend Micro researchers who have sampled a new Mirai variant, the malware’s authors have been busy, as the new version comes with the ability to exploit nine new flaws.

The one that steals the show is “CVE-2020-10173,” which affects Comtrend VR-3033 routers. This is the first time we see this flaw being exploited in the wild, so it’s noteworthy.

The other vulnerabilities that have been added in Mirai’s arsenal include exploits for IP cameras, smart TVs, WiFi routers, and more.

Here’s a list of the devices, software, and firmware that is vulnerable to Mirai:

In the case of the Comtrend VR-3033, Mirai performs a multiple authenticated command injection attack, compromising the entire network that the target router handles. Researchers had released a “proof of concept” exploit for the CVE-2020-10173 back in February, targeting firmware version DE11-416SSG-C01_R02.A2pvI042j1.d26m and bootloader version 1.0.38-116.228-1. Thus, it was a matter of time before malware authors took this code and implemented it into their botnet propagators.


Source: Trend Micro

Of course, Mirai is one of the most actively developed botnet malware tools out there, and it’s evolving month after month, adding more exploits and expanding its targeting scope. As expected, you may find various Mirai versions circulating in the wild, targeting a different subset of devices coming from a wide range of vendors.

That said, the best thing you can do to protect yourself from this danger is to apply firmware updates and security patches as soon as they become available for your device.

It is also good to remember that Mirai deploys Telnet and SSH to brute-force weak default credentials on the target devices. The Trend Micro team analyzed the new version and managed to extract 66 credentials that are generally used in the target IoTs and routers. This means you should change your device’s default username and password as soon as you take it out of the box.


For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: