Exploited Bug Bypasses Authentication On Numerous Routers

Share post:

Tenable discovered a vulnerability on April 26 that is actively exploited by threat actors and is tracked as CVE-2021-20090.

The vulnerability affects home routers running Arcadyan firmware, which in turn paves the way for attackers to use malicious payloads from the Mirai botnet.

The vulnerable devices include dozens of router models from multiple providers and ISPs, including Asus, British Telecom, Deutsche Telekom, Orange, O2 (Telefonica), Verizon, Vodafone, Telstra and Telus.

The vulnerability found in the web interfaces of routers with Arcadyan firmware provides unauthenticated remote attackers with access to authentication bypass. Millions of routers are reportedly vulnerable to attack depending on how many router models and vendors are already affected by the bug.

The latest attacks were discovered by researchers from Juniper Threat Labs.

While Juniper Threat Labs “identified some attack patterns that attempt to exploit this vulnerability in the wild coming from an IP address located in Wuhan, Hubei province, China,” the report showed that threat actors actively exploiting the vulnerability could do so with malicious tools similar to those used in a Mirai campaign against IoT and network security using a Mirai botnet variant.

For more information, read the original story in Bleeping Computer.

Featured Tech Jobs


Related articles

Leaked documents may show the inside of China’s hacking strategy

Documents apparently stolen by disgruntled employees to embarrass their firm may give insight into China's cyber

Abuse of valid accounts by threat actors hits a high, says IBM

Attackers are finding that obtaining valid credentials is an easier route to achieving their goals, s

Cyber Security Today, Feb. 21, 2024 – A patch warning from ConnectWise, the latest ransomware news, and more

This episode reports on a report comparing business email compromise attacks against ransomware

UK leads takedown of LockBit ransomware gang’s website

The LockBit ransomware gang’s website has been seized, several news agencies reported late Monday. The Reuters news agency and The Register are carrying stories based on a new splash screen that has appeared on the gang’s website. It says, “This site is now under the control of the National Crime Agency of the UK, working

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways