Multiple Modem Routers Vulnerable to Unauthenticated Attacks

silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,148
Content source
https://www.technadu.com/multiple-modem-routers-vulnerable-to-unauthenticated-attacks/290716/
  • A large set of modem routers from nine vendors are vulnerable to remote unauthenticated access.
  • Some of these vendors have addressed the problem with a fixing patch, but not every model is covered.
  • Applying any available firmware updates and disabling remote WAN access to the admin panel is advisable.
Click to expand...
Researchers warn about a critical path traversal vulnerability affecting modems made by Arcadyan which use the same buggy firmware. The flaw is being tracked as CVE-2021-20090 and has a CVSS v3 score of 8.1 (critical). The vulnerability allows an attacker to bypass authentication on a target device remotely, potentially accessing private pages, sensitive information, tokens, or even altering the router settings. The discovery of this comes from the Tenable team, who also found two more flaws (91 and 92) that have a more limited impact (only Buffalo WSR-2533DHPL2).

The modem router devices that are vulnerable to CVE-2021-20090 are the following:
Click to expand...
VendorDeviceVulnerable Version
ADBADSL wireless IAD router1.26S-R-3P
ArcadyanARV751900.96.00.96.617ES
ArcadyanVRV95176.00.17 build04
ArcadyanVGV75193.01.116
ArcadyanVRV95181.01.00 build44
ASMAXBBR-4MG / SMC7908 ADSL0.08
ASUSDSL-AC88U (Arc VRV9517)1.10.05 build502
ASUSDSL-AC87VG (Arc VRV9510)1.05.18 build305
ASUSDSL-AC31001.10.05 build503
ASUSDSL-AC68VG5.00.08 build272
BeelineSmart Box Flash1.00.13_beta4
British TelecomWE410443-SA1.02.12 build02
BuffaloWSR-2533DHPL21.02
BuffaloWSR-2533DHP31.24
BuffaloBBR-4HG
BuffaloBBR-4MG2.08 Release 0002
BuffaloWSR-3200AX4S1.1
BuffaloWSR-1166DHP21.15
BuffaloWXR-5700AX7S1.11
Deutsche TelekomSpeedport Smart 3010137.4.8.001.0
HughesNetHT2000W0.10.10
KPNExperiaBox V10A (Arcadyan VRV9517)5.00.48 build453
KPNVGV75193.01.116
O2HomeBox 64411.01.36
OrangeLiveBox Fibra (PRV3399)00.96.00.96.617ES
SkinnySmart Modem (Arcadyan VRV9517)6.00.16 build01
SparkNZSmart Modem (Arcadyan VRV9517)6.00.17 build04
Telecom (Argentina)Arcadyan VRV9518VAC23-A-OS-AM1.01.00 build44
TelMexPRV33AC1.31.005.0012
TelMexVRV7006
TelstraSmart Modem Gen 2 (LH1000)0.13.01r
TelusWiFi Hub (PRV65B444A-S-TS)v3.00.20
TelusNH20A1.00.10debug build06
VerizonFios G31001.5.0.10
VodafoneEasyBox 9044.16
VodafoneEasyBox 90330.05.714
VodafoneEasyBox 80220.02.226
Click to expand...
www.technadu.com

Multiple Modem Routers Vulnerable to Unauthenticated Attacks

A large set of modem routers from nine vendors are vulnerable to remote unauthenticated access and device settings modification.
www.technadu.com
 
  • Like
  • +Reputation
  • Applause
Reactions: Nevi, The_King, Vasudev and 10 others
silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,148

Actively exploited bug bypasses authentication on millions of routers​

Threat actors actively exploit a critical authentication bypass vulnerability impacting home routers with Arcadyan firmware to take them over and deploy Mirai botnet malicious payloads.

The vulnerability tracked as CVE-2021-20090 is a critical path traversal vulnerability (rated 9.9/10) in the web interfaces of routers with Arcadyan firmware that could allow unauthenticated remote attackers to bypass authentication.

The ongoing attacks were discovered by Juniper Threat Labs researchers while monitoring the activity of a threat actor known for targeting network and IoT devices since February.
Click to expand...
Indicators of compromise (IOCs), including IP addresses used to launch the attacks and sample hashes, are available at the end of Juniper Threat Labs' report.
Click to expand...
www.bleepingcomputer.com

Actively exploited bug bypasses authentication on millions of routers

Threat actors actively exploit a critical authentication bypass vulnerability impacting home routers with Arcadyan firmware to take them over and deploy Mirai botnet malicious payloads.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • Thanks
Reactions: Mercenary, brambedkar59, Nevi and 7 others
[correlate]

[correlate]

Level 18
Top Poster
Well-known
May 4, 2019
801

Routers and modems running Arcadyan firmware are under attack​

Routers and modems running a version of the Arcadyan firmware, including devices from ASUS, Orange, Vodafone, and Verizon, are currently under attack from a threat actor attempting to ensnare the devices into their DDoS botnet.

First spotted by security firm Bad Packets earlier this week and confirmed by Juniper Labs on Friday, the attacks are exploiting a vulnerability tracked as CVE-2021-20090.

Discovered by Tenable security researcher Evan Grant earlier this year, the vulnerability resides in the firmware code produced by Taiwanese tech firm Arcadyan.
Click to expand...
therecord.media

Routers and modems running Arcadyan firmware are under attack

Routers and modems running a version of the Arcadyan firmware, including devices from ASUS, Orange, Vodafone, and Verizon, are currently under attack from a threat actor attempting to ensnare the devices into their DDoS botnet.
therecord.media therecord.media
 
  • Like
Reactions: Gandalf_The_Grey, brambedkar59, upnorth and 1 other person
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • +Reputation
    • Like
ASUS routers vulnerable to critical remote code execution flaws (patched)
Replies
1
Views
1,167
News Archive
codswollip
codswollip
LASER_oneXM
    • Like
277,000 routers exposed to Eternal Silence attacks via UPnP
Replies
0
Views
751
News Archive
LASER_oneXM
LASER_oneXM
LASER_oneXM
    • Like
    • +Reputation
    • Wow
Nine WiFi routers used by millions were vulnerable to 226 flaws
Replies
0
Views
824
News Archive
LASER_oneXM
LASER_oneXM

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top