Cyber Security

Hackers Exploiting New Auth Bypass Bug Affecting Millions of Arcadyan Routers

Unidentified threat actors are actively exploiting a critical authentication bypass vulnerability to hijack home routers as part of an effort to co-opt them to a Mirai-variant botnet used for carrying out DDoS attacks, merely two days after its public disclosure.

Tracked as CVE-2021-20090 (CVSS score: 9.9), the weakness concerns a path traversal vulnerability in the web interfaces of routers with Arcadyan firmware that could allow unauthenticated remote attackers to bypass authentication.

Stack Overflow Teams

Disclosed by Tenable on August 3, the issue is believed to have existed for at least 10 years, affecting at least 20 models across 17 different vendors, including Asus, Beeline, British Telecom, Buffalo, Deutsche Telekom, Orange, Telstra, Telus, Verizon, and Vodafone.

Successful exploitation of the could enable an attacker to circumvent authentication barriers and potentially gain access to sensitive information, including valid request tokens, which could be used to make requests to alter router settings.

Juniper Threat Labs last week said it “identified some attack patterns that attempt to exploit this vulnerability in the wild coming from an IP address located in Wuhan, Hubei province, China” starting on August 5, with the attacker leveraging it to deploy a Mirai variant on the affected routers, mirroring similar techniques revealed by Palo Alto Networks’ Unit 42 earlier this March.

“The similarity could indicate that the same threat actor is behind this new attack and attempting to upgrade their infiltration arsenal with yet another freshly disclosed vulnerability,” the researchers said.

Enterprise Password Management

Besides CVE-2021–20090, the threat actor carried out attacks leveraging a number of other vulnerabilities, such as –

Unit 42’s report had previously uncovered as many as six known and three unknown security flaws that were exploited in the attacks, counting those targeted at SonicWall SSL-VPNs, D-Link DNS-320 firewalls, Netis WF2419 wireless routers, and Netgear ProSAFE Plus switches.

To avoid any potential compromise, users are recommended to update their router firmware to the latest version.

“It is clear that threat actors keep an eye on all disclosed vulnerabilities. Whenever an exploit PoC is published, it often takes them very little time to integrate it into their platform and launch attacks,” the researchers said.

Products You May Like

Articles You May Like

OnePlus TV 50 Y1S Pro India Launch Confirmed; 4K UHD Bezel-Less Display, Dolby Audio Support Teased
Google Engineer on His Sentient AI Claim
Dizo Buds P Confirmed To Launch in India on June 28 With 40 Hours of Total Playtime
iQoo 10 Series Tipped to be Powered by MediaTek Dimensity 9000+ SoC
HP Omen 16 (2022), Omen 17 (2022), Victus 15 (2022), Victus 16 (2022) Gaming Laptops Launched in India

Leave a Reply

Your email address will not be published.