AI description
CVE-2017-17215 is a remote code execution vulnerability affecting specific customized versions of Huawei HG532 home routers. An authenticated attacker can exploit this flaw by sending specially crafted malicious packets to port 37215. The vulnerability stems from a service implementing the TR-064 technical report standard, typically used for local network configuration, being exposed to the Wide Area Network (WAN) through port 37215. Attackers can inject shell meta-characters into the `NewStatusURL` and `NewDownloadURL` parameters during a firmware upgrade action, leading to the execution of arbitrary code on the device. This vulnerability has been actively exploited in the wild, notably to spread variants of the Mirai botnet, such as OKIRU/SATORI. Researchers observed numerous attack attempts targeting Huawei HG532 devices across various countries, including the USA, Italy, Germany, and Egypt. Successful exploitation allows attackers to gain control of the router and incorporate it into a botnet, which can then be used to launch Distributed Denial of Service (DDoS) attacks.
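A defender-side check for the injection described above, as an added example (not code from NVD, Huawei or any source this page cites): it inspects a captured HTTP request bound for port 37215 and flags shell metacharacters in `NewStatusURL` or `NewDownloadURL`, or TR-064 traffic arriving from outside the LAN. The function names, the metacharacter set, the use of RFC 1918 ranges as "local" and the sample bodies are assumptions made for illustration.

```python
import html
import ipaddress
import re

TR064_PORT = 37215                              # port named in the description
WATCHED = ("NewStatusURL", "NewDownloadURL")    # parameters named in the description
# Assumption: RFC 1918 ranges stand in for "the local network".
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# A regex rather than an XML parser: hostile bodies are often malformed,
# and a detector should not expand attacker-supplied entities.
PARAM_RE = re.compile(
    r"<(?:[\w.-]+:)?(%s)\b[^>]*>(.*?)</(?:[\w.-]+:)?\1\s*>" % "|".join(WATCHED),
    re.DOTALL)
# Assumed metacharacter set; none of these belong in a plain firmware URL.
SHELL_META = re.compile(r"[;|`$(){}<>\s]|&&")


def find_injection(body):
    """Return [(parameter, decoded value)] for values holding shell metacharacters."""
    hits = []
    for m in PARAM_RE.finditer(body):
        value = html.unescape(m.group(2)).strip()   # decode &#36; style escapes first
        if SHELL_META.search(value):
            hits.append((m.group(1), value))
    return hits


def triage(src_ip, dst_port, body):
    """Classify one captured HTTP request: 'injection', 'wan-exposure' or 'ok'."""
    if dst_port != TR064_PORT:
        return "ok"
    if find_injection(body):
        return "injection"
    src = ipaddress.ip_address(src_ip)
    if not any(src in net for net in LAN_NETS):
        return "wan-exposure"   # TR-064 traffic is meant for the local network only
    return "ok"


# Constructed sample bodies (not captured traffic).
BENIGN = ("<Envelope><Body><NewDownloadURL>http://192.168.1.10/fw.bin</NewDownloadURL>"
          "<NewStatusURL>http://192.168.1.10/status</NewStatusURL></Body></Envelope>")
SUSPECT = BENIGN.replace("http://192.168.1.10/status", "$(echo constructed-marker)")

if __name__ == "__main__":
    for src, body in (("192.168.1.20", BENIGN), ("203.0.113.7", BENIGN), ("203.0.113.7", SUSPECT)):
        print(src, triage(src, TR064_PORT, body))
```

A "wan-exposure" result on its own means the service is reachable from outside, which is the condition that makes the flaw remotely exploitable and is worth closing at the firewall even when no injection is seen.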
- Description: Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code.
- Source: psirt@huawei.com
- NVD status: Modified
CVSS 3.0
- Type: Primary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
CVSS 2.0
- Type: Primary
- Base score: 6.5
- Impact score: 6.4
- Exploitability score: 8
- Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P
- nvd@nist.gov: CWE-20
- Hype score: Not currently trending
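[Fortinet analysis: Nexcorium is a "multi-stage Mirai" spreading from TBK DVRs] Fortinet's Nexcorium analysis shows that this is not merely a one-off exploitation of TBK DVRs. The entry point is CVE-2024-3721, but after that come deployment to multiple architectures, Telnet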
@01ra66it
19 Apr 2026
Nexcorium Mirai variant exploits CVE-2024-3721 in TBK DVRs and end-of-life TP-Link routers for DDoS botnet expansion. Multi-architecture malware uses XOR encoding and embeds CVE-2017-17215 exploits. #DFIR_Radar https://t.co/s8rwl3TQkG
@DFIR_Radar
18 Apr 2026
Fortinet reports that Nexcorium targets TBK DVRs with exploitation, persistence, brute-force, and multi-architecture Mirai-style DDoS, leveraging CVE-2024-3721 and CVE-2017-17215 to illustrate rapid IoT threat evolution. https://t.co/Eot448AnBV
@Cyber_O51NT
18 Apr 2026
2/7 Key vulnerabilities include CVE-2024-7029 for Avtech devices and CVE-2017-17215 for Huawei routers, enabling remote code execution. Hackers use these to inject shell scripts and malware. 🚨🔐 #CyberVulnerabilities
@Eth1calHackrZ
27 Jan 2025
🚨 Murdoc Botnet Alert: A Mirai variant exploits flaws in AVTECH IP cameras & Huawei routers (CVE-2017-17215, CVE-2024-7029) to target IoT devices for DDoS attacks | Infections hit Asia, Africa, South America | Update firmware & secure credentials | #CyberSecurity #Botnet
@TruBitXOfficial
25 Jan 2025
"Mirai botnet variant named Murdoc has been actively targeting AVTECH cameras and Huawei HG532 routers in a mass campaign since at least July 2024." CVE-2024-7029 & CVE-2017-17215 1[.]123[.]142[.]63 1[.]123[.]214[.]193 1[.]34[.]146[.]54 103[.]25[.]75[.]254 108[.]167[.]68[.]1
@skocherhan
23 Jan 2025
A Mirai botnet variant named "Murdoc_Botnet" is targeting Avtech cameras and Huawei HG532 routers. Murdoc Botnet uses the vulnerabilities CVE-2024-7029 and CVE-2017-17215, mostly in Malaysia, Thailand, Mexico and Indonesia https://t.co/9MYmq0g4Ok… https:/
@doncaptador
22 Jan 2025
🚨 New campaign exploits vulnerabilities in AVTECH IP cameras and HUAWEI routers 🚨 CVE: CVE-2017-17215, CVE-2024-7029 Severity: HIGH Affected services: AVTECH IP cameras, Huawei HG532 routers htt
@IntelDeep
22 Jan 2025
A Mirai botnet variant named "Murdoc_Botnet" is targeting Avtech cameras and Huawei HG532 routers. Murdoc Botnet uses the vulnerabilities CVE-2024-7029 and CVE-2017-17215, mostly in Malaysia, Thailand, Mexico and Indonesia https://t.co/NKYqJ5rQ9a https://
@elhackernet
21 Jan 2025
🚨 New Murdoc_Botnet Targets IoT Devices Worldwide! Researchers have uncovered a massive botnet exploiting security flaws (CVE-2017-17215 & CVE-2024-7029) in AVTECH cameras and Huawei routers. It has already infected 1,370+ devices. Details: https://t.co/IHVZlbYcLP
@TheHackersNews
21 Jan 2025
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:hg532_firmware:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "1D1370CC-7DB4-4162-8C4F-12EB7F781D06",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:hg532:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "37D1DF9F-CD5A-4AB0-84C5-500CCFBDC6B0",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]