720-891-1663
Return to the list of client alerts
One more time, this is a form of a supply chain attack and a reason why we need to make Software Bill of Materials available to customers.
The flaw is in the Arcadyan firmware used in the web interface of many routers.
The vulnerability is rated 9.9 out of 10. It allows a hacker to bypass the need to have a userid and password to get to the router’s control panel.
Juniper discovered these threats in the wild and says they have been going on since February.
The routers affect multiple ISPs, multiple router vendors and multiple router models.
The Arcadyan firmware has been around for at least 10 years, which explains why it affects so many vendors.
The attacks started TWO DAYS after Proof of Concept code was released.
Many of these routers will never be patched and those networks will be a hacker’s playground, even if the routers are eventually replaced. DO YOU HAVE ANY WAY TO KNOW IF YOUR EMPLOYEES’ WORK FROM HOME ROUTERS AND HENCE YOUR COMPUTERS ARE VULNERABLE?
Among the vendors affected are Asus, British Telecom, Buffalo, Deutsche Telecom, HughesNet, Verizon, Vodafone and others.
Likely there are many more products that are vulnerable but SOME vendors may not even know their routers and customers are at risk because they don’t have a software bill of material for any or all of their routers — until enough of their routers are attacked. Credit: Bleeping Computer