Threat actors actively exploit a critical authentication bypass vulnerability impacting home routers with Arcadyan firmware to take them over and deploy Mirai botnet malicious payloads.

The security flaw was discovered by Tenable. The vulnerability tracked as CVE-2021-20090 (CVSS score of 9.9) could allow remote attackers to bypass authentication.

Vulnerable devices include dozens of router models from multiple vendors, including Asus, British Telecom, Deutsche Telekom, Orange, O2 (Telefonica), Verizon, Vodafone, Telstra, and Telus.

Source: bleepingcomputer.com