The vulnerabilities impact devices with default configurations and can lead to system configuration modifications, creation of privileged accounts, and denial of service conditions.
The attackers utilized typosquatting and code modifications to trick developers into installing malicious packages and continuously refined their techniques to evade detection.