Millions of home routers could be hacked by this simple bug

Attackers latched on to vulnerability within two days of PoC release

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cybersecurityresearchers have shared details about threat actors actively exploiting a critical authentication bypass vulnerability in the Arcadyan firmware inroutersto add them to the Mirai botnet.

The vulnerable devices include several routers from multiple vendors and ISPs, including Asus, British Telecom, Deutsche Telekom, Orange, O2 (Telefonica), Verizon, Vodafone, Telstra, and Telus.

Based on the list of vendors, researchers from Juniper Threat Labsestimatethat the bug probably impacts millions of routers.

We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.

Click here to start the survey in a new window«

The researchers came across the attack exploiting the vulnerability while tracking the activity of a threat actor that’s known for targeting network and Internet of Things (IoT) devices.

Useful strategy

The vulnerability tracked asCVE-2021-20090is a critical path traversal vulnerability in the web interfaces of routers with Arcadyan firmware. With a score of 9.9/10, the vulnerability could be exploited to allow unauthenticated remote attackers to bypass authentication.

The security flaw was discovered by Tenable, which published asecurity advisoryback in April, and published aproof of concept (PoC) exploit codeearlier in August.

A couple of days after the publication of the PoC, Juniper Threat Labs identified some attack patterns that attempted to exploit the vulnerability, originating from an IP address located in Wuhan, Hubei province, China.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The researchers believe the threat actors behind this ongoing exploitation activity use malicious tools to deploy a Mirai botnet variant,originally discoveredby researchers from Palo Alto’s Unit42 in March.

Juniper believes the renewed interest shows that the threat actor is now using the new vulnerability to upgrade their infiltration arsenal.

“Given that most people may not even be aware of the security risk and won’t be upgrading their device anytime soon, this attack tactic can be very successful, cheap and easy to carry out,” believes Juniper.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

This new malware utilizes a rare programming language to evade traditional detection methods

A new form of macOS malware is being used by devious North Korean hackers

Arcane season 2 confirms the hit series isn’t just one of the best Netflix shows ever made – it’s an animated legend that’ll stand the test of time