Table of Contents
  • Home
  • /
  • Blog
  • /
  • Routers Affected By Critical Authentication Bypass Vulnerability CVE-2021-20090
August 13, 2021
|
3m

Routers Affected By Critical Authentication Bypass Vulnerability CVE-2021-20090


Routers Affected By Critical Authentication Bypass Vulnerability Cve 2021 20090

Researchers identified a critical authentication bypass vulnerability (CVE-2021-20090) affecting multiple routers and internet-of-things (IoT) devices. Analysis report says that the vulnerability affects devices from 20 different vendors and ISPs. Let’s explore the list of routers affected by critical authentication bypass vulnerability and countermeasures to mitigate the vulnerability.

Table of Contents

Routers Affected By Critical Authentication Bypass Vulnerability:

The authentication bypass vulnerability tracked as CVE-2021-20090 affecting devices of multiple vendors and ISPs. The flaw affects the routers which use the same firmware from Arcadyan. Let’s see the list of routers affected by critical authentication bypass vulnerability.

  1. ADB

  2. Arcadyan

  3. ASMAX

  4. ASUS

  5. Beeline

  6. British Telecom

  7. Buffalo

  8. Deutsche Telekom

  9. HughesNet

  10. KPN

  11. O2

  12. Orange

  13. Skinny

  14. SparkNZ

  15. Telecom [Argentina]

  16. TelMex

  17. Telstra

  18. Telus

  19. Verizon

  20. Vodafone

CVE-2021-20090:

This is a path traversal vulnerability that leads to an authentication bypass in the web interfaces of routers with Arcadyan firmware. This vulnerability allows the attacker to circumvent authentication and gain access to sensitive information like valid request tokens, which can be used to tweak the device settings by constructing the request. Considering this, the CVSS score is kept 9.9 for this vulnerability.

The PoC published by Tenable shows, how to modify the configuration of a device to enable telnet on a vulnerable router and gain root-level shell access to the device.

“The vulnerability exists due to a list of folders which fall under a ‘bypass list’ for authentication,” According to Tenable, “The vulnerability can be triggered by multiple paths. For a device in which  requires authentication, an attacker could access index.htm using the following paths:”

After a couple of days from publish, Juniper Threat Labs identified attack patterns that attempt to exploit this vulnerability in the wild. Juniper reported that the attacks originated from an IP address (27.22.80[.]19) located in Wuhan, Hubei province, China. In the same post, Juniper also wrote, The attacker abused the vulnerability to deploy a Mirai variant on the affected routers using scripts reported by  Palo Alto Networks in March 2021.

In these new attacks, the actor does not just try exploiting the CVE-2021-20090. There are few other vulnerabilities too:

  1. CVE-2020-29557 (DLink routers)

  2. CVE-2021-1497 and CVE-2021-1498 (Cisco HyperFlex)

  3. CVE-2021-31755 (Tenda AC11)

  4. CVE-2021-22502 (MicroFocus OBR)

  5. CVE-2021-22506 (MicroFocus AM)

Countermeasures To Mitigate The Critical Authentication Bypass Vulnerability:

The most effective countermeasure to mitigate the attack is firmware upgradation or apply the patch if your vendor rolls out. We recommend following these tips that stop you from being the victim of many other attacks.

Tips to secure your Wi-Fi:

  • Create a strong and unique password

  • Enable network encryption

  • Filter the MAC addresses

  • Reducing the wireless signal range

  • Upgrade the router’s firmware

  • Make use of guest network

Please be aware of routers affected by critical authentication bypass vulnerability (CVE-2021-20090) and take the action against the vulnerability if you have the router listed in the post.

Thanks for reading this threat post. Please share this post and help to create awareness.

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

Recently added

Cloud & OS Platforms

View All

Learn More About Cyber Security Security & Technology

“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”

Cybersecurity All-in-One For Dummies - 1st Edition

"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.

Tools

Featured

View All

Learn Something New with Free Email subscription

Subscribe

Subscribe