Security News > 2021 > August > Auth Bypass Bug Exploited, Affecting Millions of Routers
An authentication-bypass vulnerability affecting multiple routers and internet-of-things devices is being actively exploited in the wild, according to researchers.
"The attacker seems to be attempting to deploy a Mirai variant on the affected routers."
Cleaving close to Tenable's PoC, the attackers are modifying the configuration of the attacked device to enable Telnet using "ARC SYS TelnetdEnable=1" to take control, according to Juniper.
Mirai is a long-running botnet that infects connected devices and can be used to mount distributed denial-of-service attacks.
The attackers have been continuously adding new exploits to its arsenal, according to the posting, and CVE-2021-20090 is unlikely to be the last.
"Whenever an exploit PoC is published, it often takes them very little time to integrate it into their platform and launch attacks."
News URL
https://threatpost.com/auth-bypass-bug-routers-exploited/168491/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-29 | CVE-2021-20090 | Path Traversal vulnerability in Buffalo products A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication. | 9.8 |