Security News

Unidentified threat actors are actively exploiting a critical authentication bypass vulnerability to hijack home routers as part of an effort to co-opt them to a Mirai-variant botnet used for carrying out DDoS attacks, merely two days after its public disclosure. Tracked as CVE-2021-20090, the weakness concerns a path traversal vulnerability in the web interfaces of routers with Arcadyan firmware that could allow unauthenticated remote attackers to bypass authentication.

Unidentified threat actors are actively exploiting a critical authentication bypass vulnerability to hijack home routers as part of an effort to co-opt them to a Mirai-variant botnet used for carrying out DDoS attacks, merely two days after its public disclosure. Tracked as CVE-2021-20090, the weakness concerns a path traversal vulnerability in the web interfaces of routers with Arcadyan firmware that could allow unauthenticated remote attackers to bypass authentication.

Evan Grant, a researcher at network security scanning company Tenable, recently decided to have a go at hacking a home router. Grant's first stop was to download a binay file called httpd, which is the name under which you typically find a home or small business router's web server, used for managing the device from a browser.

An authentication-bypass vulnerability affecting multiple routers and internet-of-things devices is being actively exploited in the wild, according to researchers. "The attacker seems to be attempting to deploy a Mirai variant on the affected routers."

Cybercriminals quickly started exploiting a vulnerability that affects routers and modems from many vendors that use the same underlying firmware. On August 3, cybersecurity firm Tenable published a blog post describing a vulnerability affecting routers that use firmware from Arcadyan, a Taiwan-based provider of networking solutions.

Threat actors actively exploit a critical authentication bypass vulnerability impacting home routers with Arcadyan firmware to take them over and deploy Mirai botnet malicious payloads. The vulnerability tracked as CVE-2021-20090 is a critical path traversal vulnerability in the web interfaces of routers with Arcadyan firmware that could allow unauthenticated remote attackers to bypass authentication.

A critical security vulnerability in a subset of Cisco Systems' small-business VPN routers could allow a remote, unauthenticated attacker to take over a device - and researchers said there are at least 8,800 vulnerable systems open to compromise. The critical bug affects the vendor's Dual WAN Gigabit VPN routers.

Cisco on Wednesday announced the release of patches for a critical vulnerability in small business VPN routers that could allow unauthenticated attackers to execute arbitrary code on affected devices. To exploit the bug, a remote, unauthenticated attacker has to send specially crafted HTTP requests to an affected device, which could allow them to execute arbitrary code or cause a denial of service condition.

Cisco has published patches for critical vulns affecting the web management interface for some of its Small Business Dual WAN Gigabit routers - including a 9.8-rated nasty. The two vulnerabilities affect the RV340, RV345, RV340W, and RV345P products, which are aimed at SMEs and home office setups.

Networking equipment major Cisco has rolled out patches to address critical vulnerabilities impacting its Small Business VPN routers that could be abused by a remote attacker to execute arbitrary code and even cause a denial-of-service condition. The issues, tracked as CVE-2021-1609 and CVE-2021-1610, reside in the web-based management interface of the Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers running a firmware release prior to version 1.0.03.22.