Written by: Jay H.
On August 7, BleepingComputer published an article detailing an actively exploited bug affecting millions of routers from various vendors and ISPs.
This bug lets hackers remotely bypass authentication and deploy Mirai botnet malicious payloads on your router. If your router is impacted, hackers could take over and wreak havoc on your network!
Millions Of Routers At Risk
The vulnerability impacts routers with Arcadyan firmware and affects dozens of router models from vendors and ISPs like ASUS, British Telecom, Deutsche Telekom, Orange, O2 (Telefonica), Verizon, Vodafone, Telstra, and Telus. Given the massive list of impacted vendors and router models, there are likely millions of routers susceptible to this vulnerability.
“Given that most people may not even be aware of the security risk and won’t be upgrading their device anytime soon, this attack tactic can be very successful, cheap and easy to carry out,” said Juniper Threat Labs.
The following list includes all known impacted devices and vendors, including vulnerable firmware versions:
Vendor |
Device |
Found on version |
ADB |
ADSL wireless IAD router |
1.26S-R-3P |
Arcadyan |
ARV7519 |
00.96.00.96.617ES |
Arcadyan |
VRV9517 |
6.00.17 build04 |
Arcadyan |
VGV7519 |
3.01.116 |
Arcadyan |
VRV9518 |
1.01.00 build44 |
ASMAX |
BBR-4MG / SMC7908 ADSL |
0.08 |
ASUS |
DSL-AC88U (Arc VRV9517) |
1.10.05 build502 |
ASUS |
DSL-AC87VG (Arc VRV9510) |
1.05.18 build305 |
ASUS |
DSL-AC3100 |
1.10.05 build503 |
ASUS |
DSL-AC68VG |
5.00.08 build272 |
Beeline |
Smart Box Flash |
1.00.13_beta4 |
British Telecom |
WE410443-SA |
1.02.12 build02 |
Buffalo |
WSR-2533DHPL2 |
1.02 |
Buffalo |
WSR-2533DHP3 |
1.24 |
Buffalo |
BBR-4HG |
|
Buffalo |
BBR-4MG |
2.08 Release 0002 |
Buffalo |
WSR-3200AX4S |
1.1 |
Buffalo |
WSR-1166DHP2 |
1.15 |
Buffalo |
WXR-5700AX7S |
1.11 |
Deutsche Telekom |
Speedport Smart 3 |
010137.4.8.001.0 |
HughesNet |
HT2000W |
0.10.10 |
KPN |
ExperiaBox V10A (Arcadyan VRV9517) |
5.00.48 build453 |
KPN |
VGV7519 |
3.01.116 |
O2 |
HomeBox 6441 |
1.01.36 |
Orange |
LiveBox Fibra (PRV3399) |
00.96.00.96.617ES |
Skinny |
Smart Modem (Arcadyan VRV9517) |
6.00.16 build01 |
SparkNZ |
Smart Modem (Arcadyan VRV9517) |
6.00.17 build04 |
Telecom (Argentina) |
Arcadyan VRV9518VAC23-A-OS-AM |
1.01.00 build44 |
TelMex |
PRV33AC |
1.31.005.0012 |
TelMex |
VRV7006 |
|
Telstra |
Smart Modem Gen 2 (LH1000) |
0.13.01r |
Telus |
WiFi Hub (PRV65B444A-S-TS) |
v3.00.20 |
Telus |
NH20A |
1.00.10debug build06 |
Verizon |
Fios G3100 |
2.0.0.6 |
Vodafone |
EasyBox 904 |
4.16 |
Vodafone |
EasyBox 903 |
30.05.714 |
Vodafone |
EasyBox 802 |
20.02.226 |
Update Your Router’s Firmware Immediately
Hackers right now are exploiting this vulnerability and trying to get into susceptible routers like yours. You need to update your router immediately if you are affected. Even if you do not think you’re impacted, keeping your router updated to the latest firmware version is a good cybersecurity practice.
To update your router’s firmware, log into your router’s interface by typing the IP address into your web browser. Then find a section that says Firmware or Update and download the latest firmware from your router’s manufacturer’s website. Then, upload the firmware and reboot your router.
Fortify Your Cyber Defenses
Threat actors are constantly looking for new vulnerabilities to exploit for their own gain. Your business needs a comprehensive cybersecurity strategy in place to combat hackers and protect your networks. Partnering with a managed IT service provider like Design2Web IT is one of the best ways to protect your organization from malefactors. Contact us to learn more about how we fortify your organization’s cyber defenses.
Comments are closed.