Several new 0-day vulnerabilities reveal millions of routers

0-day vulnerabilities, or zero-day vulnerabilities, are those that have just been released, may not yet have a patch, and are likely to occur on many devices.

In this article, we will alert you to newly released vulnerabilities in routers and repeaters, especially Jetstream and Wavlink. These are vulnerabilities with the ability to remotely run malicious codes labelled CVE-2020-10971 and CVE-2020-10972. These routers are cheap models of Chinese origin, sold mainly at Walmart, and are therefore widely used. They contain "backdoors" that allow an attacker to remotely control not only the routers, but also all devices connected to the network. It is therefore simple to conclude that the vulnerability is extremely critical and all owners of these routers should take timely steps to secure their networks.

The vulnerability was discovered by researchers Mantas Sasnauskas, James Clee and Roni Carta in February this year and was released on 23 November 2020. Although the vulnerability was reported to Jetstream and Wavlink in February this year, it has not yet been reported for these routers, nor has the update been released. The original article can be found here.

What information can an attacker obtain and what can they do?

As soon as someone enters your network without authorisation, they can cause a lot of trouble inside of it. In addition to directly attacking other devices connected to the same network, they can also intercept communications. This means that a skilled attacker can intercept not only the websites you are browsing, but also names and passwords or even credit card numbers.

 

  Source: https://www.zsecurity.org

 

The discoverers of the vulnerability also found evidence that it is being actively used to attempt to connect other devices to the Mirai botnet. Botnet networks are networks of infected computers that are further used, for example, for DDoS attacks. DDoS attacks, by flooding a huge number of requests, will prevent the availability of other services.

 

Do you use the same or a similar router? How to secure it?

Unfortunately, if you have any Jetstream or Wavlink routers in your corporate or home network, you cannot do much about it. We recommend that you disconnect them from the network as soon as possible and replace them with another model until the manufacturer provides a patch for this vulnerability and a security update that removes it.

 

Resources:

https://cybernews.com/security/walmart-exclusive-routers-others-made-in-china-contain-backdoors-to-control-devices/

https://james-clee.com/2020/04/18/multiple-wavlink-vulnerabilities/