Millions of routers could now be bots - is your model

Safety researchers discovered vulnerabilities for routers that can exploit attackers to use them for a bot network. A list shows affected routers of the Telekom, Vodafone and also O2. If your router is there, you should now urgently change something.

Why are routers to bots? By taking advantage of vulnerabilities, attackers get in areas of routers that actually need authentication. Routers are affected by at least 13 providers distributed in 11 countries.

Now it seems that the "hackers", which make these weak points make use of the routers to share a bot network.

Router of Telekom, O2, Vodafone, ASUS affected

How does the attack work? The researchers of Tenable discovered the security gap CVE-2021-20090. It allows attackers to avoid the authentication of the web interface of routers. This allows you to access devices in the home network or corporate network.

As Hothardware reports, attackers will find one side of the router standing on a Bypass_list (via Hothardware.com). Anyone who tinkes a bit but can also hang a "/info.html" or other pages to the URL as long as the bypass list option is at the beginning of the URL. Thus, one uses on pages for which one would normally have to authenticate.

Who attacks there? Only a few days after this vulnerability, Mounir Hahad and Alex Burt reported by Juniper Networks that attackers already use (via juniper.net). There it says "Since the 5th of August we have identified some attack patterns that try to exploit this vulnerability from an IP address in Wuhan, Hubei, China, China."

These active exploitation attempts wanted to try to use a Mirai Botnet variant on the vulnerable routers.

The list of possible vulnerable routers comes from Tenable (via tenable.com):

You can do that if your router is there

So you secure: If your router should be on the list above, you can contact your Internet service provider or the manufacturer of the router. You can explain to you how to push the security gap. There may already be a firmware update for your device that fixes this vulnerability.

More on the subject

• Because a guy changed his settings on the router, millions could not see twitch
• A security gap at EA endangered around 300 million accounts in 2019
• For whom pays off a gaming router?

Is your router affected by the new security gap? If not, you can prepare for the future of your PC. Because "Windows 11" is already on everyone's lips. The new operating system should be released this year.

Lest here on Meinmom over the 5 things that you have to know about Windows 11. So you are optimally prepared when you want to update your PC.