Unidentified threat actors are exploiting a critical authentication bypass vulnerability to hijack home routers as part of an effort to co-opt them to a Mirai-variant botnet used for carrying out DDoS attacks. The issue is believed to have existed for at least 10 years, affecting at least 20 models across 17 different vendors, including Asus, Beeline, British Telecom, Buffalo, Deutsche Telekom, Orange, Telstra, Telus, Verizon, and Vodafone. The vulnerability concerns a path traversal vulnerability in the web interfaces of routers with Arcadyan firmware.
Source: https://thehackernews.com/2021/08/hackers-exploiting-new-auth-bypass-bug.html