FXC routers vulnerable to flaw actively exploited by botnets

published: Dec. 9, 2023

Take action: If you are using FXC routers, lock down the web management interface to a trusted network and patch IMMEDIATELY. Most routers are exposed to the internet, so patching is more than advised. It's quite possible your router was already compromised.


A botnet named "InfectedSlurs" is actively exploiting a zero-day vulnerability in the FXC wireless LAN routers AE1021 and AE1021PE running firmware version 2.0.9 and earlier.

These models are commonly used in hotels and residences. The vulnerability, tracked as CVE-2023-49897 (CVSS score 9.8), allows authenticated attackers to execute operating system commands remotely on the routers.

The malware exploits the routers by first fingerprinting them using default credentials at the `/cgi-bin/login.apply` endpoint, and then deploying its payload upon successful authentication at the `/cgi-bin/action` endpoint. As a result, a variant of the Mirai botnet malware is installed, contributing to the growth of the botnet.

FXC has responded with a firmware update (version 2.0.10) to mitigate this vulnerability. Users are urged to update their firmware and reset their devices to factory settings, including changing default login credentials.
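To check whether a router may already have been hit, HTTP logs from a proxy or sensor in front of the devices can be searched for the login-then-action sequence described above. The following is an added example, not part of the original advisory; the log format, the 60-second window and the trusted management network are assumptions.

```python
import ipaddress
from datetime import datetime, timedelta

LOGIN_PATH = "/cgi-bin/login.apply"  # login endpoint named in the advisory
ACTION_PATH = "/cgi-bin/action"      # endpoint named in the advisory for payload delivery
WINDOW = timedelta(seconds=60)       # assumption: max gap between the two requests
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/24")]  # assumption: management network

# Constructed sample lines; assumed format: time, source IP, router IP, method, path
SAMPLE_LOG = """\
2023-12-01T10:00:01Z 198.51.100.7 192.0.2.10 POST /cgi-bin/login.apply
2023-12-01T10:00:03Z 198.51.100.7 192.0.2.10 POST /cgi-bin/action
2023-12-01T10:00:05Z 198.51.100.7 192.0.2.13 POST /cgi-bin/login.apply
2023-12-01T10:05:00Z 10.0.0.5 192.0.2.10 POST /cgi-bin/login.apply
2023-12-01T10:05:04Z 10.0.0.5 192.0.2.10 POST /cgi-bin/action
2023-12-01T10:30:00Z 198.51.100.7 192.0.2.13 POST /cgi-bin/action
2023-12-01T11:00:00Z 203.0.113.9 192.0.2.11 POST /cgi-bin/login.apply
2023-12-01T11:10:00Z 203.0.113.20 192.0.2.12 POST /cgi-bin/action
"""

def is_trusted(ip):
    """True if ip parses and falls inside an assumed trusted management network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)

def find_suspect_sequences(log_text):
    """Return (source, router, gap_seconds) for login-then-action pairs within WINDOW."""
    last_login, findings = {}, []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or is_trusted(parts[1]):
            continue  # malformed line, or traffic from the management network
        ts_raw, src, router, _method, url = parts
        try:
            ts = datetime.strptime(ts_raw, "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue  # skip lines with an unparseable timestamp
        path, key = url.split("?", 1)[0], (src, router)
        if path == LOGIN_PATH:
            last_login[key] = ts
        elif path == ACTION_PATH and key in last_login:
            gap = ts - last_login[key]
            if timedelta(0) <= gap <= WINDOW:
                findings.append((src, router, gap.total_seconds()))
    return findings
```

A hit only shows that the request pattern occurred from outside the management network; the router itself still needs the firmware update and factory reset described above.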
