• Home
  • |
  • Blog
  • |
  • Routers Affected By Critical Authentication Bypass Vulnerability CVE-2021-20090
Routers Affected by Critical Authentication Bypass Vulnerability CVE-2021-20090

Researchers identified a critical authentication bypass vulnerability (CVE-2021-20090) affecting multiple routers and internet-of-things (IoT) devices. Analysis report says that the vulnerability affects devices from 20 different vendors and ISPs. Let’s explore the list of routers affected by critical authentication bypass vulnerability and countermeasures to mitigate the vulnerability.

Routers Affected By Critical Authentication Bypass Vulnerability:

The authentication bypass vulnerability tracked as CVE-2021-20090 affecting devices of multiple vendors and ISPs. The flaw affects the routers which use the same firmware from Arcadyan. Let’s see the list of routers affected by critical authentication bypass vulnerability.

  1. ADB
  2. Arcadyan
  3. ASMAX
  4. ASUS
  5. Beeline
  6. British Telecom
  7. Buffalo
  8. Deutsche Telekom
  9. HughesNet
  10. KPN
  11. O2
  12. Orange
  13. Skinny
  14. SparkNZ
  15. Telecom [Argentina]
  16. TelMex
  17. Telstra
  18. Telus
  19. Verizon
  20. Vodafone

CVE-2021-20090:

This is a path traversal vulnerability that leads to an authentication bypass in the web interfaces of routers with Arcadyan firmware. This vulnerability allows the attacker to circumvent authentication and gain access to sensitive information like valid request tokens, which can be used to tweak the device settings by constructing the request. Considering this, the CVSS score is kept 9.9 for this vulnerability.

The PoC published by Tenable shows, how to modify the configuration of a device to enable telnet on a vulnerable router and gain root-level shell access to the device.

“The vulnerability exists due to a list of folders which fall under a ‘bypass list’ for authentication,” According to Tenable, “The vulnerability can be triggered by multiple paths. For a device in which /index.htm” rel=”noreferrer noopener”>http://<ip>/index.htm requires authentication, an attacker could access index.htm using the following paths:”

After a couple of days from publish, Juniper Threat Labs identified attack patterns that attempt to exploit this vulnerability in the wild. Juniper reported that the attacks originated from an IP address (27.22.80[.]19) located in Wuhan, Hubei province, China. In the same post, Juniper also wrote, The attacker abused the vulnerability to deploy a Mirai variant on the affected routers using scripts reported by  Palo Alto Networks in March 2021.

In these new attacks, the actor does not just try exploiting the CVE-2021-20090. There are few other vulnerabilities too:

  1. CVE-2020-29557 (DLink routers)
  2. CVE-2021-1497 and CVE-2021-1498 (Cisco HyperFlex)
  3. CVE-2021-31755 (Tenda AC11)
  4. CVE-2021-22502 (MicroFocus OBR)
  5. CVE-2021-22506 (MicroFocus AM)

Countermeasures To Mitigate The Critical Authentication Bypass Vulnerability:

The most effective countermeasure to mitigate the attack is firmware upgradation or apply the patch if your vendor rolls out. We recommend following these tips that stop you from being the victim of many other attacks.

Tips to secure your Wi-Fi:

  • Create a strong and unique password
  • Enable network encryption
  • Filter the MAC addresses
  • Reducing the wireless signal range
  • Upgrade the router’s firmware
  • Make use of guest network

Please be aware of routers affected by critical authentication bypass vulnerability (CVE-2021-20090) and take the action against the vulnerability if you have the router listed in the post.

Thanks for reading this threat post. Please share this post and help to create awareness.

About the author

Arun KL

To know more about me. Follow me on LinkedIn Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me. Follow me on LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Learn Something New with Free Email subscription

Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.