This venerable security vulnerability has exposed millions of routers to attack
Date:
Wed, 04 Aug 2021 10:24:43 +0000
Description:
At least 20 different devices are affected, new research claims.
FULL STORY ======================================================================
A 12-year-old security vulnerability may be affecting routers built by dozens of manufacturers, exposing millions of users worldwide.
According to researchers from security firm Tenable, the CVE-2021-20090 vulnerability made its way into modern routers due to the reusing of old (and insecure) software code.
The experts believe it could affect at least 20 different devices across 17 different vendors, including Internet Service Providers (ISP) in Argentina, Australia, Canada, Germany, Japan, Mexico, Netherlands, New Zealand, Russia, Spain, and the US.
The vulnerability is a path traversal/authentication bypass, which allows attackers to reconfigure the target router and have it serve malicious
content to end users. They could also use it to attack devices connected to the router's Local Area Network (LAN). With a little additional motivation,
the report states, the attackers could also use the authentication bypass to access features that could lead them to further vulnerabilities.
Given the current trend for a remote, home based, workforce, the report states, this not only impacts consumers but has the potential to expose organizations to further uncontrolled risk.
For Evan Grant, staff research engineer at Tenable, this is absolutely the vendors' responsibility, and they now need to step up and take action.
"Consumers shouldn't have to worry that their ISP-provided device will leave them, or their employers, open to attack," he said.
Vendor responsibility
The vendors affected should be taking steps to mitigate the impact of these vulnerabilities on themselves, and their customers. Beyond that,
collaboration across all stakeholders (manufacturers, vendors, security researchers) is imperative to overcome the difficulties of reporting vulnerabilities found in shared software libraries and remediate all affected products efficiently.
But it's not just the problem of a handful of vendors, the report concludes. This is an industry-wide problem, as there are significant downstream effects that come with reused vulnerable software code.
Small and medium-sized businesses, should they fall victim to these attacks, could end up losing sensitive data, as well as revenue.
======================================================================
Link to news story:
https://www.techradar.com/news/this-venerable-security-vulnerability-has-exposed-millions-of-routers-to-attack/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)