The Satori Internet of Things (IoT) botnet uses Huawei Router Exploit CVE-2017-17215 and is reported to be circulating in the wild.

At the core of the Satori Internet of Things (IoT) botnet that was disrupted by internet service providers (ISPs) earlier this month is a vulnerability in Huawei routers. Researchers at NewSky Security reported Dec. 28 that code that exploits the Huawei vulnerability has now been publicly posted on the internet. The Huawei router vulnerability is specific to HG532 devices that are widely used around the world. The vulnerability is formally identified as CVE-2017-17215 and was discovered by security firm Check Point, which reported the issue to Huawei on Nov. 27.

Whether the risk is the Satori botnet or another IoT botnet, the Huawei CVE-2017-17215 vulnerability will continue to be used by attackers. There are several things that users can do to help limit the risk of being exploited. “The only thing users should do in regards to this zero-day is to change the default password on their router,” Horowitz said. “This is also Huawei’s suggestion on their Security Notice.”

“Users of this router are mostly home users, who do not typically log in to their router’s interface and don’t necessarily have the know-how and so unfortunately I have to assume most devices would stay vulnerable,” Horowitz said. “We desperately need IoT device manufacturers to make security a top priority and not to leave the users accountable.”