[German]Routers and modems from the Taiwan-based manufacturer Arcadyan have a CVE-2021-20090 vulnerability that can be used to bypass authentication. The routers and modems are sold under many trade names by other manufacturers.
The vulnerability was discovered by Tenable and described in this document. The CERT has meanwhile published this security advisory for the vulnerability CVE-2021-20090 as of July 20, 2021.
A path traversal vulnerability (CVE-2021-20090) exists in numerous routers from various vendors that use the Arcadyan-based firmware. This vulnerability allows an unauthenticated user to access sensitive information that is normally protected, and now allows a change to the router configuration.
If this vulnerability is successfully exploited, an attacker can access pages that would otherwise require authentication. An unauthenticated attacker could gain access to sensitive information, including valid request tokens that could be used to make requests to change router settings.
The security researcher who discovered the vulnerability initially assumed it was limited to one router vendor and published his findings, but then discovered the problem exists in Arcadyan-based software used in routers from multiple vendors. Tenable has this list of affected devices:
Vendor |
Device |
Found on version |
ADB |
ADSL wireless IAD router |
1.26S-R-3P |
Arcadyan |
ARV7519 |
00.96.00.96.617ES |
Arcadyan |
VRV9517 |
6.00.17 build04 |
Arcadyan |
VGV7519 |
3.01.116 |
Arcadyan |
VRV9518 |
1.01.00 build44 |
ASMAX |
BBR-4MG / SMC7908 ADSL |
0.08 |
ASUS |
DSL-AC88U (Arc VRV9517) |
1.10.05 build502 |
ASUS |
DSL-AC87VG (Arc VRV9510) |
1.05.18 build305 |
ASUS |
DSL-AC3100 |
1.10.05 build503 |
ASUS |
DSL-AC68VG |
5.00.08 build272 |
Beeline |
Smart Box Flash |
1.00.13_beta4 |
British Telecom |
WE410443-SA |
1.02.12 build02 |
Buffalo |
WSR-2533DHPL2 |
1.02 |
Buffalo |
WSR-2533DHP3 |
1.24 |
Buffalo |
BBR-4HG |
|
Buffalo |
BBR-4MG |
2.08 Release 0002 |
Buffalo |
WSR-3200AX4S |
1.1 |
Buffalo |
WSR-1166DHP2 |
1.15 |
Buffalo |
WXR-5700AX7S |
1.11 |
Deutsche Telekom |
Speedport Smart 3 |
010137.4.8.001.0 |
HughesNet |
HT2000W |
0.10.10 |
KPN |
ExperiaBox V10A (Arcadyan VRV9517) |
5.00.48 build453 |
KPN |
VGV7519 |
3.01.116 |
O2 |
HomeBox 6441 |
1.01.36 |
Orange |
LiveBox Fibra (PRV3399) |
00.96.00.96.617ES |
Skinny |
Smart Modem (Arcadyan VRV9517) |
6.00.16 build01 |
SparkNZ |
Smart Modem (Arcadyan VRV9517) |
6.00.17 build04 |
Telecom (Argentina) |
Arcadyan VRV9518VAC23-A-OS-AM |
1.01.00 build44 |
TelMex |
PRV33AC |
1.31.005.0012 |
TelMex |
VRV7006 |
|
Telstra |
Smart Modem Gen 2 (LH1000) |
0.13.01r |
Telus |
WiFi Hub (PRV65B444A-S-TS) |
v3.00.20 |
Telus |
NH20A |
1.00.10debug build06 |
Verizon |
Fios G3100 |
1.5.0.10 |
Vodafone |
EasyBox 904 |
4.16 |
Vodafone |
EasyBox 903 |
30.05.714 |
Vodafone |
EasyBox 802 |
20.02.226 |
The CERT/CC recommends updating the router to the latest available firmware version. It is also recommended to disable the remote administration services (WAN side) on each SoHo router and also disable the web interface on the WAN.