Dark Mirai botnet exploits RCE vulnerability in TP-Link routers

Cybersecurity experts have become aware of the active exploitation of a vulnerability affecting millions of routers. As the experts note, owners of routers running Arcadyan firmware are at risk.

The attackers are trying to recruit vulnerable devices into their Mirai botnet. To do this, they exploit a critical vulnerability tracked as CVE-2021-20090. The bug scored 9.9 out of 10 on the CVSS scale, and successful exploitation allows a remote attacker to bypass authentication.

Juniper Threat Labs experts reported the attacks on routers. Since February 2021 they have been tracking a cybercriminal group known for its attacks on IoT devices and monitoring all the activity associated with such campaigns.

Among the vulnerable devices, there are dozens of models of routers produced by completely different companies: Asus, British Telecom, Deutsche Telekom, Orange, O2 (Telefonica), Verizon, Vodafone, Telstra and Telus.

Since the vulnerability affects many router models and manufacturers, experts estimate that millions of users in total could be at risk. Notably, Tenable was the first to report the vulnerability, publishing a warning in April.

At the beginning of August, full proof-of-concept (PoC) code was released. What's more, the researchers noted that CVE-2021-20090 has been around for at least a decade, and that the flaw had previously spread to about 20 router models through the supply chain.

The list of vulnerable routers can be found in the image below:
