QNAP VioStor Network Video Recorder exploited by botnet

The 'InfectedSlurs' botnet, based on Mirai, is actively exploiting a critical remote code execution (RCE) vulnerability in QNAP VioStor NVR (Network Video Recorder) devices.

A botnet exploits a device by using vulnerabilities, to gain unauthorized access and control over the device. Once compromised, the device is enlisted into a network of infected devices (the botnet), which can be remotely controlled by the attacker to perform malicious activities like distributed denial-of-service (DDoS) attacks, data theft, or spreading malware to other devices.

Discovered in October 2023 by Akamai, the botnet targets two previously undisclosed zero-day vulnerabilities in routers and NVR devices, with the exploitation likely beginning in late 2022.

Due to the absence of security patches at the time, the details about these vulnerabilities were withheld until patch is released.

The vulnerability, CVE-2023-47565 (CVSS3 score 8.8), is a high-severity OS command injection affecting certain QNAP VioStor NVR models running outdated QVR firmware 4.x. QNAP released an advisory on December 7, 2023, stating that this issue has been resolved in QVR firmware version 5.x and later, which is available for all actively supported models. Given that firmware 5.0.0 was released nearly a decade ago, the botnet seems to be primarily targeting older VioStor NVR models that haven't updated their firmware since their initial setup.

For VioStor NVR models that have reached end-of-life (EOL) and do not support firmware 5.x or later, no security updates are available. The only recommended course of action for these obsolete devices is to replace them with newer models that receive active support and updates.