Akamai has uncovered two zero-day bugs capable of remote code execution, both being exploited to distribute the Mirai malware and built a botnet army for distributed denial of service (DDoS) attacks. The perpetrators of the campaign have not been identified, but it is known that the zero-days target routers and network video recorders from two vendors and use the devices’ default passwords.
Source: The Register