Hackers have rapidly began exploiting a flaw in routers and modems from a variety of vendors that share the same underlying firmware.
Tenable, a cybersecurity firm, released a blog post on August 3 revealing a vulnerability in routers that use firmware from Arcadyan, a Taiwan-based networking solutions vendor.
Tenable’s researchers uncovered a series of flaws in Buffalo routers, a Japanese networking and storage device manufacturer. A detailed examination revealed that a path traversal issue, known as CVE-2021-20090, affects Arcadyan routers and modems, as well as at least 19 additional other vendors who utilise Arcadyan firmware.
An unauthenticated attacker can exploit the vulnerability, which affects many vendors, to circumvent authentication and take control of vulnerable devices by getting root shell access.
Juniper Networks began observing efforts to exploit CVE-2021-20090 in the wild a few days after Tenable revealed technical information regarding the vulnerability in the wild. An analysis of the attacks disclosed ties to a botnet discovered earlier this year by Juniper and Palo Alto Networks.
The botnet, which is driven by a variation of the infamous Mirai malware, aims to ensnare IoT devices by exploiting a wide range of vulnerabilities. Botnets based on Mirai are commonly used to launch Distributed Denial-of-Service (DDoS) attacks.
According to Juniper, the botnet operators added exploits for D-Link, Cisco, Tenda, Micro Focus, and other devices to their arsenal between June 6 and July 23.
For these attacks, Juniper has released Indicators of Compromise (IOCs),