A security alert was recently posted, saying that over 36 models of Wi-Fi home routers are under attack by botnet malware! People using any of the identified models are recommended to download their security fix immediately.
A first alert came from a researcher named Evan Grant, who found the flaw in a Buffalo-branded Wi-Fi router. He created a detailed blog post report, explaining that malicious actors can bypass the authentication process in the router and access pages that should have been restricted. The report was submitted to Buffalo, who responded and released a patch fix by April.
However, three unfortunate events happened afterward.
- The security flaw, labeled as CVE-2021-20090, was discovered in many other Wi-Fi routers from different brands.
- Many malicious actors used Evan's report to activate and exploit the security weakness.
- Not all Wi-Fi routers have updated their firmware to fix the problem.
Botnet Malware Hacks Your Internet Router
The Carnegie Mellon University explained that CVE-2021-20090 is a vulnerability that allows unauthenticated users to access the firmware information and alter router configuration.
In highlight, hackers can steal your internet and plant botnet malware that would infect the routers. Victims might encounter a lot of spam and distributed denial-of-service (DDoS) problems during the attack.
List of WiFi Routers That Could Be Infected
Tom's Guide provided the full list of known Wi-Fi home routers with firmware vulnerabilities. Note that many of these are either bought from popular brands or provided by local internet service providers.
Quickly check if you own any of these Wi-Fi home router devices. The description should be found at the back or the bottom of your router.
- ADB: ADSL wireless IAD router
- Arcadyan: ARV7519
- Arcadyan: VRV9517
- Arcadyan: VGV7519
- Arcadyan: VRV9518
- ASMAX: BBR-4MG / SMC7908 ADSL
- ASUS: DSL-AC88U (Arc VRV9517)
- ASUS: DSL-AC87VG (Arc VRV9510)
- ASUS: DSL-AC3100
- ASUS: DSL-AC68VG
- Beeline: Smart Box Flash
- British Telecom: WE410443-SA
- Buffalo: WSR-2533DHPL2
- Buffalo: WSR-2533DHP3
- Buffalo: BBR-4HG
- Buffalo: BBR-4MG 2
- Buffalo: WSR-3200AX4S
- Buffalo: WSR-1166DHP2
- Buffalo: WXR-5700AX7S
- Deutsche Telekom: Speedport Smart 3
- HughesNet: HT2000W
- KPN: ExperiaBox V10A (Arcadyan VRV9517)
- KPN: VGV7519
- O2: HomeBox 6441
- Orange: LiveBox Fibra (PRV3399)
- Skinny: Smart Modem (Arcadyan VRV9517)
- SparkNZ: Smart Modem (Arcadyan VRV9517)
- Telecom (Argentina): Arcadyan VRV9518VAC23-A-OS-AM
- TelMex: PRV33AC
- TelMex: VRV7006
- Telstra: Smart Modem Gen 2 (LH1000)
- Telus: WiFi Hub (PRV65B444A-S-TS)
- Telus: NH20A 1.00.10
- Verizon: Fios G3100
- Vodafone: EasyBox 904
- Vodafone: EasyBox 903
- Vodafone: EasyBox 802
How to Get WiFi Botnet Malware Fix
A modem firmware fix is only available through an update by its specific brand or manufacturer.
As previously mentioned, Buffalo provided a security patch fix for users to download and update their modem. The update should be available on their official website.
Asus notably provided occasionally firmware updates on their support page. It remains uncertain if they have added this latest security fix on the available update software.
Meanwhile, Verizon was recently warned about this security issue. Unfortunately, the technician and support page only provides the generic customer service response.
Users with other modem brands are recommended to contact their corresponding manufacturer to update their firmware against this latest security threat.
Related Article: Facebook Data Leak 2021: 7 Steps to Take If Your FB Account Is Hacked