Cybersecurity researchers have shared details about threat actors actively exploiting a critical authentication bypass vulnerability in the Arcadyan firmware in routers to add them to the Mirai botnet.
The vulnerable devices include several routers from multiple vendors and ISPs, including Asus, British Telecom, Deutsche Telekom, Orange, O2 (Telefonica), Verizon, Vodafone, Telstra, and Telus.
Based on the list of vendors, researchers from Juniper Threat Labs estimate that the bug probably impacts millions of routers.
- Here’s our list of the best secure routers
- These are the best small business routers
- Protect your devices with these best antivirus software
The researchers came across the attack exploiting the vulnerability while tracking the activity of a threat actor that’s known for targeting network and Internet of Things (IoT) devices.
Useful strategy
The vulnerability tracked as CVE-2021-20090 is a critical path traversal vulnerability in the web interfaces of routers with Arcadyan firmware. With a score of 9.9/10, the vulnerability could be exploited to allow unauthenticated remote attackers to bypass authentication.
The security flaw was discovered by Tenable, which published a security advisory back in April, and published a proof of concept (PoC) exploit code earlier in August.
A couple of days after the publication of the PoC, Juniper Threat Labs identified some attack patterns that attempted to exploit the vulnerability, originating from an IP address located in Wuhan, Hubei province, China.
The researchers believe the threat actors behind this ongoing exploitation activity use malicious tools to deploy a Mirai botnet variant, originally discovered by researchers from Palo Alto’s Unit42 in March.
Juniper believes the renewed interest shows that the threat actor is now using the new vulnerability to upgrade their infiltration arsenal.
"Given that most people may not even be aware of the security risk and won’t be upgrading their device anytime soon, this attack tactic can be very successful, cheap and easy to carry out,” believes Juniper.
- We’ve also rounded up the best ransomware protection tools
