Threat actors are exploiting a command injection vulnerability in Array AG Series VPN devices to plant webshells and create rogue users, primarily targeting organizations in Japan, along with some in other countries. Although Array Networks released a security update in May, the flaw remains actively exploited, posing significant risks to enterprise remote access systems. #ArrayNetworks #CommandInjection
Key points
- Hackers have been exploiting a command injection vulnerability in Array AG Series VPN devices since August.
- The vulnerability allows attackers to plant webshells and create rogue users on affected devices.
- Array Networks addressed the flaw in a May security update, but no CVE-ID has been assigned yet.
- Most targeted devices are in Japan, with some instances in China and the United States.
- Workarounds include disabling DesktopDirect services and blocking specific URLs if updating isn’t possible.