COVID-19 Resources

Millions of Routers at Risk Due to an Authentication-Bypass Vulnerability

Written by Emily Jones on August 23, 2021

Warren Averett router image

Am I at risk?

Cyber hackers are attacking home routers and internet-of-things (IoT) devices. These attacks are occurring due to an authentication-bypass vulnerability and are affecting devices from 20 vendors and ISPs. Some of these include Arcadyan, British Telecom, HughesNet, Telstra, Verizon and more. All of these use the same firmware as Arcadyan, making millions of devices worldwide vulnerable.

How is it happening?

According to Tenable’s recent advisory, the vulnerability exists due to a list of folders that fall under a bypass list for authentication, making it triggerable through multiple paths. These attackers have been attempting to deploy a Mirai variant on affected routers; the Mirai-variant botnet is used for carrying out distributed denial-of-service (DDoS) attacks. Mirai was first seen in 2016 when it took down more than 1,200 websites, including Netflix and Twitter. But shortly after its source code was leaked, many variants began to spread and are still going today.

What actions do I need to take?

IoT devices or home gateways are very vulnerable to these attacks because most people are uninformed about these vulnerabilities and how to avoid them. To avoid compromise, users need to update the firmware on their routers.  To gather instructions on how, visit the website of your router brand and search for firmware updates related to your model.

Auth Bypass Bug Exploited, Millions of Routers Affected | Threatpost

Back to Resources