A serious security breach puts millions of routers around the world at risk. This is a critical vulnerability that prevents authentication and affects home devices using Arcadyan firmware . This allows an attacker to control them and carry out attacks using the Mirai botnet. This problem affects many telephone models and operators.
Millions of routers at risk from a vulnerability
This security flaw has been registered as CVE-2021-20090 and rated 9.9 out of 10 for its severity. These attacks were discovered by security researchers at Juniper Threat Labs. The problem, which affects the firmware of the devices, can be exploited remotely.
It should be noted that it affects a large number of models . In fact, it is estimated that there may be millions of routers affected worldwide. It affects multiple international providers such as British Telecom, Deutsche Telecom, Orange, O2 (Telefónica) or Vodafone. It affects both ADSL and fiber models.
From Tenable they published a list with all the affected models and suppliers. Also, last week they released a proof of concept to exploit the bug. This is a vulnerability that has existed for at least 10 years and, just a couple of days after launching the proof of concept, they have detected attacks.
Many outdated routers
The main problem, as indicated by security researchers, is that many users will keep the router without updating . This is a major problem, since this vulnerability will not be corrected and the attackers will have a large number of routers that can be exploited.
To solve this problem, users should update their routers as soon as possible. Juniper Threat Labs have issued an informative document where they explain in detail how this attack works and how they could take advantage of the affected models.
This security flaw affects models even since 2008. Therefore, there may be many around the world that have one of these versions and, without knowing it, are vulnerable to being attacked and specifically exploiting the security flaw registered as CVE-2021-20090.
Affects IoT devices
But this vulnerability not only affects routers, it also puts at risk many other IoT devices that use the same vulnerable codebase. This makes many household equipment, such as televisions, smart light bulbs and many others of what is known as the Internet of Things, can be vulnerable.
Our advice, as we always say, is to keep everything correctly updated. Updating the firmware of the router and of any other equipment that we have connected to the network is vital. This allows us to correct vulnerabilities like this one that we mentioned and that can be the entry point for hackers.
In short, we are facing a new and serious security flaw that affects many models of routers. It is estimated that there may be millions around the world, since it is a problem present in many models and suppliers. It is essential to keep the devices updated and thus correct it as soon as possible.