Hackers Exploiting New Auth Bypass Bug Affecting Millions of Arcadyan Routers

Cyber Security

Products You May Like

Unidentified threat actors are actively exploiting a critical authentication bypass vulnerability to hijack home routers as part of an effort to co-opt them to a Mirai-variant botnet used for carrying out DDoS attacks, merely two days after its public disclosure.

Tracked as CVE-2021-20090 (CVSS score: 9.9), the weakness concerns a path traversal vulnerability in the web interfaces of routers with Arcadyan firmware that could allow unauthenticated remote attackers to bypass authentication.

Stack Overflow Teams

Disclosed by Tenable on August 3, the issue is believed to have existed for at least 10 years, affecting at least 20 models across 17 different vendors, including Asus, Beeline, British Telecom, Buffalo, Deutsche Telekom, Orange, Telstra, Telus, Verizon, and Vodafone.

Successful exploitation of the could enable an attacker to circumvent authentication barriers and potentially gain access to sensitive information, including valid request tokens, which could be used to make requests to alter router settings.

Juniper Threat Labs last week said it “identified some attack patterns that attempt to exploit this vulnerability in the wild coming from an IP address located in Wuhan, Hubei province, China” starting on August 5, with the attacker leveraging it to deploy a Mirai variant on the affected routers, mirroring similar techniques revealed by Palo Alto Networks’ Unit 42 earlier this March.

“The similarity could indicate that the same threat actor is behind this new attack and attempting to upgrade their infiltration arsenal with yet another freshly disclosed vulnerability,” the researchers said.

Enterprise Password Management

Besides CVE-2021–20090, the threat actor carried out attacks leveraging a number of other vulnerabilities, such as –

Unit 42’s report had previously uncovered as many as six known and three unknown security flaws that were exploited in the attacks, counting those targeted at SonicWall SSL-VPNs, D-Link DNS-320 firewalls, Netis WF2419 wireless routers, and Netgear ProSAFE Plus switches.

To avoid any potential compromise, users are recommended to update their router firmware to the latest version.

“It is clear that threat actors keep an eye on all disclosed vulnerabilities. Whenever an exploit PoC is published, it often takes them very little time to integrate it into their platform and launch attacks,” the researchers said.

Products You May Like

Articles You May Like

NASA DART Spacecraft Successfully Slams Into Asteroid Dimorphos in First Planetary Defence Test
Google Pixel 7, Pixel 7 Pro India Launch Confirmed by Google India, May Debut on October 6
Fake Indian Banking Rewards Apps Targeting Android Users with Info-stealing Malware
iOS 16 ‘Mailjack’ Bug Causes Mail App to Crash Upon Receiving Maliciously Crafted Email: All Details
Iranians Hit by Near-Total Internet Blackout as Amid Nationwide Mass Protests: All Details

Leave a Reply

Your email address will not be published.