- A large set of modem routers from nine vendors are vulnerable to remote unauthenticated access.
- Some of these vendors have released a patch for the problem, but not every model is covered.
- It is advisable to apply any available firmware updates and to disable remote WAN access to the admin panel.
Researchers warn of a critical path traversal vulnerability affecting modems made by Arcadyan that use the same buggy firmware. The flaw is tracked as CVE-2021-20090 and has a CVSS v3 score of 8.1 (critical). It allows a remote attacker to bypass authentication on a target device, potentially gaining access to private pages, sensitive information, and tokens, or even altering the router settings. The flaw was discovered by the Tenable team, who also found two more flaws (91 and 92) that have a more limited impact (affecting only the Buffalo WSR-2533DHPL2).
The modem router devices that are vulnerable to CVE-2021-20090 are the following:

| Vendor | Device | Vulnerable Version |
|---|---|---|
| ADB | ADSL wireless IAD router | 1.26S-R-3P |
| Arcadyan | ARV7519 | 00.96.00.96.617ES |
| Arcadyan | VRV9517 | 6.00.17 build04 |
| Arcadyan | VGV7519 | 3.01.116 |
| Arcadyan | VRV9518 | 1.01.00 build44 |
| ASMAX | BBR-4MG / SMC7908 ADSL | 0.08 |
| ASUS | DSL-AC88U (Arc VRV9517) | 1.10.05 build502 |
| ASUS | DSL-AC87VG (Arc VRV9510) | 1.05.18 build305 |
| ASUS | DSL-AC3100 | 1.10.05 build503 |
| ASUS | DSL-AC68VG | 5.00.08 build272 |
| Beeline | Smart Box Flash | 1.00.13_beta4 |
| British Telecom | WE410443-SA | 1.02.12 build02 |
| Buffalo | WSR-2533DHPL2 | 1.02 |
| Buffalo | WSR-2533DHP3 | 1.24 |
| Buffalo | BBR-4HG | |
| Buffalo | BBR-4MG | 2.08 Release 0002 |
| Buffalo | WSR-3200AX4S | 1.1 |
| Buffalo | WSR-1166DHP2 | 1.15 |
| Buffalo | WXR-5700AX7S | 1.11 |
| Deutsche Telekom | Speedport Smart 3 | 010137.4.8.001.0 |
| HughesNet | HT2000W | 0.10.10 |
| KPN | ExperiaBox V10A (Arcadyan VRV9517) | 5.00.48 build453 |
| KPN | VGV7519 | 3.01.116 |
| O2 | HomeBox 6441 | 1.01.36 |
| Orange | LiveBox Fibra (PRV3399) | 00.96.00.96.617ES |
| Skinny | Smart Modem (Arcadyan VRV9517) | 6.00.16 build01 |
| SparkNZ | Smart Modem (Arcadyan VRV9517) | 6.00.17 build04 |
| Telecom (Argentina) | Arcadyan VRV9518VAC23-A-OS-AM | 1.01.00 build44 |
| TelMex | PRV33AC | 1.31.005.0012 |
| TelMex | VRV7006 | |
| Telstra | Smart Modem Gen 2 (LH1000) | 0.13.01r |
| Telus | WiFi Hub (PRV65B444A-S-TS) | v3.00.20 |
| Telus | NH20A | 1.00.10debug build06 |
| Verizon | Fios G3100 | 1.5.0.10 |
| Vodafone | EasyBox 904 | 4.16 |
| Vodafone | EasyBox 903 | 30.05.714 |
| Vodafone | EasyBox 802 | 20.02.226 |

Multiple Modem Routers Vulnerable to Unauthenticated Attacks
A large set of modem routers from nine vendors are vulnerable to remote unauthenticated access and device settings modification.
www.technadu.com