Hackers attack modems and routers with Arcadyan firmware

Routers and modems running Arcadyan firmware (including Asus, Orange, Vodafone and Verizon devices) are being attacked by a hacker trying to make them part of his Mirai-based DDoS botnet.

The attacks were first noticed at the end of last week by specialists from Bad Packets. Soon, Juniper Labs analysts confirmed the existence of the problem, reporting that as part of this malicious campaign, unknown attackers exploited the CVE-2021-20090 vulnerability (9.9 points out of 10 on the CVSS scale).

This issue allows an attacker to bypass authentication and enable Telnet on vulnerable routers and modems, and then to connect remotely to the compromised devices.

"As of 2021-08-05T04:09:44Z, DDoS botnet operators are scanning the internet for Buffalo routers vulnerable to CVE-2021-20091. This vulnerability allows attackers to alter device configuration leading to remote code execution," Bad Packets researchers report.

A vulnerability in the firmware of the Taiwanese firm Arcadyan was found earlier this year by Tenable. They state that the problem has existed in the code for at least 10 years and is now found in the firmware of at least 20 models of routers and modems sold by 17 different manufacturers who base their products on old white-label Arcadyan devices.

As a result, devices of the largest suppliers and Internet providers, including Asus, Orange, Vodafone, Telstra, Verizon, Deutsche Telekom, British Telecom, and so on, were exposed to the vulnerability. The total number of devices vulnerable to attacks is likely to be in the millions, experts warn.

The vulnerability was discovered in April, received a patch in the same month, and until recently was not attacked. The cybercriminals noticed the problem only after Tenable’s information security specialist published its detailed technical description, as well as a PoC exploit. According to Bad Packets, this exploit is now being used in attacks that originate from IP addresses located in Wuhan, China.

Researchers believe that the hacker behind the attacks had already been discovered by Palo Alto Networks in the spring of 2021. Back then, his botnet was targeting IoT devices and security devices.

Let me remind you that we wrote that Mirai Botnet Comes with new 11 Exploits to Attack Enterprise Devices.

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
