Digital Guardian's Blog

Router Firmware Vulnerability Bypasses Authentication

by Chris Brook on Monday August 9, 2021

A vulnerability found in some routers and modems could allow attackers to bypass authentication and, in turn, gain access to sensitive information.

It’s easy to neglect our routers.

Even after they’re out of the box and configured – ideally after you’ve changed their default username and password – the most the device does is sit there alongside your modem, forever a blinking beacon on a shelf.

It isn't until a vulnerability surfaces, usually accompanied by the words "critical" or "bypass," that they command our attention, or so we hope.

That's the case this week as router owners are being urged to pay attention to a particularly troublesome path traversal vulnerability in routers (and modems) that run the Arcadyan firmware. A Taiwanese OEM of DSL routers, Arcadyan can be found in devices manufactured by ASUS, Orange, Vodafone, and Verizon, to name a few.

Researchers warned last week that attackers are actively exploiting the vulnerability, CVE-2021-20090, and that it can lead to an authentication bypass, something which of course can lead to device takeover.

While the CVE is new, the vulnerability isn't. It has existed in some form or another, in models from multiple vendors, for at least 10 years, according to Evan Grant, a staff research engineer for Tenable who uncovered the vulnerability and wrote about it earlier this month.

The security community doubled down on Tenable's outcry over the vulnerability last week when researchers with Juniper Threat Labs saw it being exploited via an IP address in China. Specifically, researchers saw attackers distributing a variant of the Mirai botnet via scripts.

“Given that most people may not even be aware of the security risk and won’t be upgrading their device anytime soon, this attack tactic can be very successful, cheap and easy to carry out,” the researchers wrote of the vulnerability.

What’s most likely, the researchers posit, is that a group there is periodically adding new proof-of-concept exploits to its arsenal; over the past two months the group has been observed exploiting CVEs in D-Link routers, Cisco HyperFlex systems, and now potentially millions of home routers and modems.

While the exact number of vulnerable devices is uncertain, if the vulnerability is indeed 10 years old and found on devices that run on Arcadyan firmware - 37 different devices are listed on Tenable's advisory - it could have a far-reaching outcome.

As exploitation is clearly beginning to ramp up, if you have one of the potentially vulnerable routers - again, full list here - it's worth inquiring with the vendor on whether there are patches available.

In addition to updating your router to the latest firmware version, Carnegie Mellon University's CERT Coordination Center also recommends disabling any remote WAN-side administration services along with any web interfaces if they're present.

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.