Threat actors are actively exploiting a critical authentication bypass vulnerability in home routers running Arcadyan firmware to take them over and deploy malicious Mirai botnet payloads. The vulnerability, tracked as CVE-2021-20090, is a critical path traversal flaw (rated 9.9/10) in the web interfaces of these routers that could allow unauthenticated remote attackers to bypass authentication. Millions of routers are likely exposed to attacks, including those from Asus, British Telecom, Deutsche Telekom, Orange, Verizon, O2 (Telefonica), Vodafone, Telstra, and Telus.
Source: https://www.bleepingcomputer.com/news/security/actively-exploited-bug-bypasses-authentication-on-millions-of-routers/

