Millions of routers under attack!

Vulnerability found in devices with Arcadyan firmware. Marco VISMARA, August 9, 2021

Juniper Threat Labs has sounded the alarm: the vulnerability CVE-2021-20090 (CVSS v3 base score 9.8/10, severity: Critical) has been detected in routers with Arcadyan firmware. It can be exploited by attackers to take control of the device and enlist it in the Mirai botnet. In practice, it allows control of the device to be taken without passing through any authentication step. As vague and abstract as this information may sound, it becomes much more concrete when you consider that it affects 20 router models from 17 brands. It is even more worrying to note that many of these are the routers that various companies supply to their customers, for example Vodafone, British Telecom, Deutsche Telekom, Orange, O2 (Telefonica), Verizon, Telstra and Telus. Although this "hole" has existed for more than ten years, the first news of the vulnerability came in late April, and a proof-of-concept was released only on August 3.

Literally millions of routers are vulnerable to this attack. Tenable's Evan Grant published a lengthy account of his research on the subject on Medium. Two days after that documentation was published, Juniper Threat Labs detected suspicious patterns of activity that could be related to attempts to exploit this flaw. The suspicious activity originated from the infamous Wuhan. Taking advantage of this weakness, the attackers are trying to install a new modified variant of the Mirai botnet. In the full version of the Juniper report, you can see indicators of compromise (IOCs), such as the IPs from which the attacks are launched and sample hashes.