Routers Affected By Critical Authentication Bypass Vulnerability CVE-2021-20090

Researchers identified a critical authentication bypass vulnerability (CVE-2021-20090) affecting multiple routers and internet-of-things (IoT) devices. Analysis report says that the vulnerability affects devices from 20 different vendors and ISPs. Let’s explore the list of routers affected by critical authentication bypass vulnerability and countermeasures to mitigate the vulnerability.

Table of Contents

Routers Affected By Critical Authentication Bypass Vulnerability:

The authentication bypass vulnerability tracked as CVE-2021-20090 affecting devices of multiple vendors and ISPs. The flaw affects the routers which use the same firmware from Arcadyan. Let’s see the list of routers affected by critical authentication bypass vulnerability.

CVE-2021-20090:

This is a path traversal vulnerability that leads to an authentication bypass in the web interfaces of routers with Arcadyan firmware. This vulnerability allows the attacker to circumvent authentication and gain access to sensitive information like valid request tokens, which can be used to tweak the device settings by constructing the request. Considering this, the CVSS score is kept 9.9 for this vulnerability.

The PoC published by Tenable shows, how to modify the configuration of a device to enable telnet on a vulnerable router and gain root-level shell access to the device.

“The vulnerability exists due to a list of folders which fall under a ‘bypass list’ for authentication,” According to Tenable, “The vulnerability can be triggered by multiple paths. For a device in which  requires authentication, an attacker could access index.htm using the following paths:”

After a couple of days from publish, Juniper Threat Labs identified attack patterns that attempt to exploit this vulnerability in the wild. Juniper reported that the attacks originated from an IP address (27.22.80[.]19) located in Wuhan, Hubei province, China. In the same post, Juniper also wrote, The attacker abused the vulnerability to deploy a Mirai variant on the affected routers using scripts reported by  Palo Alto Networks in March 2021.

In these new attacks, the actor does not just try exploiting the CVE-2021-20090. There are few other vulnerabilities too:

Countermeasures To Mitigate The Critical Authentication Bypass Vulnerability:

The most effective countermeasure to mitigate the attack is firmware upgradation or apply the patch if your vendor rolls out. We recommend following these tips that stop you from being the victim of many other attacks.

Tips to secure your Wi-Fi:

Please be aware of routers affected by critical authentication bypass vulnerability (CVE-2021-20090) and take the action against the vulnerability if you have the router listed in the post.

Thanks for reading this threat post. Please share this post and help to create awareness.