A newly disclosed software flaw known as React2Shell (CVE-2025-55182) is being widely used in active cyberattacks against connected home devices, according to new data from Bitdefender. The company is blocking more than 150,000 attack attempts per day, showing how quickly criminal groups move once a vulnerability becomes public.
Although the issue originates in certain Node.js-based web applications and not in smart home products themselves, the fallout affects the broader connected-device landscape. Once attackers find any system they can break into, they often use it to scan for and compromise additional devices, many of which are commonly installed in today’s smart homes.
The vulnerability is notable for the speed with which cybercriminals are exploiting it. The bug was first disclosed on Dec. 3, and Bitdefender is already blocking 150,000 exploit attempts per day, the firm said Tuesday.
Bitdefender observed attacks aimed at a wide range of connected devices, including:
Smart plugs and simple IoT appliances
Smartphones
NAS and home storage devices
Surveillance cameras and systems
Home routers
Smart TVs and entertainment devices
Many attempts also hit devices that could not be identified by type, which indicates attackers are simply scanning the internet for anything that responds, not targeting specific brands.
This pattern is typical of botnet activity: attack whatever is online and vulnerable, then use it to grow the network even further.
Bitdefender reports that attackers began using React2Shell almost as soon as the details became public. Most of the activity involves automated tools trying to break into systems and install malware.
With more than 150,000 attempts every day, this campaign is already operating at a global scale.
The largest share of activity appears to originate from a datacenter in Poland, but additional probing has come from the U.S., Europe, and Asia. This wide distribution suggests broad adoption by existing botnet operators rather than a single targeted effort.
In addition to React2Shell attempts, researchers also saw the same sources trying to exploit older camera and router vulnerabilities—another sign that attackers are running large, all-purpose scanning tools.
Bitdefender observed two main types of malicious software being delivered:
Botnet tools, similar to the well-known Mirai family, which take over devices so they can be used in large-scale internet attacks
Cryptomining tools, which quietly use a device’s computing power to generate cryptocurrency for the attacker
These are common tactics because they are simple, profitable, and require little maintenance.
React2Shell’s rapid adoption reinforces what integrators have been seeing for years: the biggest cybersecurity risks come from the broader internet, not only from the products inside a home. As the number of connected devices grows, so does the likelihood that attackers will find an entry point somewhere in the network.
For integrators, this means secure network design, sensible default settings, and regular maintenance are increasingly central to delivering long-term value to clients.
Integrators are urged to follow best cybersecurity practices:
Keep IoT and AV devices separated from the main home network
Turn off remote access features clients don’t actively use
Keep firmware and software up to date
Review any custom dashboards, interfaces, or local services for unnecessary exposure
CE Pro will continue monitoring this issue and will report back as Bitdefender identifies new patterns or emerging threats.
The post New Wave of Online Attacks Puts Connected Home Devices at Risk appeared first on CEPRO.