Millions of routers at risk from a vulnerability
This security breach has been logged as CVE-2021-20090 and rated 9.9 out of 10 for its severity. These attacks were discovered by security researchers at Juniper Threat Labs. The problem, which affects the firmware of the devices, can be exploited remotely.
It should be noted that it affects a large number of models. In fact, it is estimated that there may be millions of routers affected worldwide. It affects multiple international providers such as British Telecom, Deutsche Telecom, Orange, O2 (Telefónica) or Vodafone. It affects both ADSL and fiber models.
From Tenable they published a list of all affected models and suppliers. Also, last week they released a proof of concept to exploit the bug. It is a vulnerability that has existed for at least 10 years and, just a couple of days after launching the proof of concept, they have detected attacks.
Many outdated routers
The main problem, as indicated by security researchers, is that many users will maintain the router not updated. This is a significant problem, since this vulnerability will not be corrected and attackers will have a large number of routers that can be exploited.
To solve this problem, users should update their routers as soon as possible. Juniper Threat Labs have issued an informative document where they explain in detail how this attack works and how they could take advantage of the affected models.
This security flaw affects models even since 2008. Therefore, there may be many around the world that have one of these versions and, without knowing it, are vulnerable to being attacked and specifically exploiting the security flaw registered as CVE-2021-20090.
It affects IoT devices
But this vulnerability not only affects routers, but also puts many others at risk IoT devices They use the same vulnerable codebase. This makes many household equipment, such as televisions, smart light bulbs and many others of what is known as the Internet of Things, can be vulnerable.
Our advice, as we always say, is to keep everything correctly updated. Updating the firmware of the router and of any other equipment that we have connected to the network is vital. This allows us to correct vulnerabilities like this one that we mentioned and that can be the entry point for hackers.
In short, we are facing a new and serious security breach which affects many models of routers. It is estimated that there may be millions around the world, since it is a problem present in many models and suppliers. It is essential to keep the devices updated and thus correct it as soon as possible.