Security News

Taiwanese chip designer Realtek has warned of four vulnerabilities in three SDKs accompanying its Wi-Fi modules, which are used in almost 200 products made by more than five dozen vendors. Security firm IoT Inspector, based in Bad Homburg, Germany, disclosed the vulnerabilities to Realtek in May, and said more than 65 hardware makers' products incorporate the Realtek RTL819xD module, which implements wireless access point functions and includes one of the vulnerable SDKs. "By exploiting these vulnerabilities, remote unauthenticated attackers can fully compromise the target device and execute arbitrary code with the highest level of privilege," the biz said in its advisory, estimating - conservatively, we think - that almost a million vulnerable devices may be in use, including VoIP and wireless routers, repeaters, IP cameras, and smart lighting controls.

" Home and small business routers under attack. The Navajo Nation's selfless cryptographic contribution to America.

PacketFabric announced that it has released native support of IPsec VPN tunnels as a connection type for its Cloud Router product. "The cloud is all about scale and flexibility. But traditional cloud connectivity hasn't delivered scalability or flexibility. You've had to backhaul traffic through data centers, wait an entire ice age for circuits to provision, rely on unpredictable Internet, or deal with inflexible long-term telco-style contracts," said PacketFabric Chief Technology Officer and Chief Product Officer Anna Claiborne.

Unidentified threat actors are actively exploiting a critical authentication bypass vulnerability to hijack home routers as part of an effort to co-opt them to a Mirai-variant botnet used for carrying out DDoS attacks, merely two days after its public disclosure. Tracked as CVE-2021-20090, the weakness concerns a path traversal vulnerability in the web interfaces of routers with Arcadyan firmware that could allow unauthenticated remote attackers to bypass authentication.

Unidentified threat actors are actively exploiting a critical authentication bypass vulnerability to hijack home routers as part of an effort to co-opt them to a Mirai-variant botnet used for carrying out DDoS attacks, merely two days after its public disclosure. Tracked as CVE-2021-20090, the weakness concerns a path traversal vulnerability in the web interfaces of routers with Arcadyan firmware that could allow unauthenticated remote attackers to bypass authentication.

Evan Grant, a researcher at network security scanning company Tenable, recently decided to have a go at hacking a home router. Grant's first stop was to download a binay file called httpd, which is the name under which you typically find a home or small business router's web server, used for managing the device from a browser.

An authentication-bypass vulnerability affecting multiple routers and internet-of-things devices is being actively exploited in the wild, according to researchers. "The attacker seems to be attempting to deploy a Mirai variant on the affected routers."

Cybercriminals quickly started exploiting a vulnerability that affects routers and modems from many vendors that use the same underlying firmware. On August 3, cybersecurity firm Tenable published a blog post describing a vulnerability affecting routers that use firmware from Arcadyan, a Taiwan-based provider of networking solutions.

Threat actors actively exploit a critical authentication bypass vulnerability impacting home routers with Arcadyan firmware to take them over and deploy Mirai botnet malicious payloads. The vulnerability tracked as CVE-2021-20090 is a critical path traversal vulnerability in the web interfaces of routers with Arcadyan firmware that could allow unauthenticated remote attackers to bypass authentication.

A critical security vulnerability in a subset of Cisco Systems' small-business VPN routers could allow a remote, unauthenticated attacker to take over a device - and researchers said there are at least 8,800 vulnerable systems open to compromise. The critical bug affects the vendor's Dual WAN Gigabit VPN routers.