Cyberattackers hijacking home routers from 20 vendors & ISPs to add them to a Mirai-variant botnet used for carrying out DDoS attacks. The security flaw, tracked as CVE-2021-20090, was disclosed last week by Tenable. It affects devices from 20 different vendors and ISPs (ADB, Arcadyan, ASMAX, ASUS, Beeline, British Telecom, Buffalo, Deutsche Telekom, HughesNet, KPN, O2, Orange, Skinny, SparkNZ, TelMex, Telstra, Telus, Verizon and Vodafone. In all, millions of devices worldwide could be vulnerable.
Source: https://threatpost.com/auth-bypass-bug-routers-exploited/168491/