Rewterz Threat Advisory – CVE-2021-20090 – Router Vulnerability Being Exploited In The Wild

Severity

Medium

Analysis Summary

CVE-2021-20090

Buffalo routers could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to the web interface containing "dot dot" sequences (/../) to bypass authentication. The attacker appears to be attempting to deploy a Mirai variant on the affected routers, using scripts similar in name to the ones described by Palo Alto Networks in March. The similarity could indicate that the same threat actor is behind this new attack and is expanding their infiltration arsenal with yet another freshly disclosed vulnerability. This vulnerability is being exploited in the wild.
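The advisory's detection angle is straightforward: requests to the router's web interface whose path contains a "dot dot" segment, possibly hidden behind single or double URL encoding, and any contact from the listed source IPs. The following is an added example written for this advisory, not Rewterz code and not the vendor's; it scans access-log lines in the common combined format (an assumption about the log layout) for decoded `..` path segments and matches the advisory's IoC IPs and MD5 hashes. The sample log lines and file hashes are constructed for illustration; only the IoC values come from the advisory.

```python
"""Added example (not from the advisory): detect dot-dot traversal attempts in
web access logs and match the advisory's IoC IPs and MD5 hashes."""
import re
from urllib.parse import unquote

# Source IPs from the advisory, with the de-fanging brackets removed.
IOC_IPS = {"27.22.80.19", "212.192.241.72"}

# MD5 hashes listed in the advisory.
IOC_MD5 = {
    "5e450f4f32d5054a784079da0e91aed3", "f0b0acf4f9bb09f22c2f54ca3c214bef",
    "ee40c8405d4247897e0ae9631fbf1829", "b1fefac85d00fa80a402d7fe8166dade",
    "ee7249ee77e59cad5ec52cfb8c2e27f1", "fb753a2ab5e2ca61424b28f7ff3d1344",
    "9344542748024ed06d98116e3b5f86d6", "df4955166992ec18c270c79ffe1471e2",
    "55f6eb2e1d81837383255f6ffa3d20b5",
}

# Assumed combined log format: client IP first, request line in quotes, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def normalize_path(path: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly (catches double encoding such as %252e) and
    fold backslashes to slashes so disguised '..' segments become visible."""
    prev = None
    for _ in range(rounds):
        if path == prev:
            break
        prev, path = path, unquote(path)
    return path.replace("\\", "/")


def is_traversal(path: str) -> bool:
    """True when any decoded path segment is exactly '..'.  A filename such as
    'report..pdf' is not a traversal and is left alone."""
    decoded = normalize_path(path.split("?", 1)[0])
    return any(seg == ".." for seg in decoded.split("/"))


def scan_log(lines):
    """Return (ip, path, reasons) tuples for requests worth investigating."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed format; skip rather than guess
        ip, path = m["ip"], m["path"]
        reasons = []
        if is_traversal(path):
            reasons.append("dot-dot traversal")
        if ip in IOC_IPS:
            reasons.append("advisory IoC source IP")
        if reasons:
            hits.append((ip, path, ", ".join(reasons)))
    return hits


def match_hashes(observed):
    """Return the subset of observed MD5 digests that appear in the advisory."""
    return {h.lower() for h in observed} & IOC_MD5


# Constructed sample log lines (documentation-range IPs plus one advisory IP).
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Aug/2021:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.9 - - [09/Aug/2021:10:00:02 +0000] "GET /static/..%2f..%2fadmin/ HTTP/1.1" 200 88',
    '27.22.80.19 - - [09/Aug/2021:10:00:03 +0000] "GET /status.html HTTP/1.1" 403 0',
    '198.51.100.7 - - [09/Aug/2021:10:00:04 +0000] "GET /a/%252e%252e/b HTTP/1.1" 404 0',
    '198.51.100.8 - - [09/Aug/2021:10:00:05 +0000] "GET /files/report..pdf HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for ip, path, why in scan_log(SAMPLE_LOG):
        print(f"{ip:15} {why:35} {path}")
    # Constructed digests: one from the advisory, one benign.
    print(match_hashes(["5E450F4F32D5054A784079DA0E91AED3", "d41d8cd98f00b204e9800998ecf8427e"]))
```

Decoding is done in a loop because a single `unquote` leaves `%252e` as `%2e`; bounding the rounds avoids pathological inputs. The check looks for a whole `..` segment rather than the substring `..`, which keeps ordinary filenames out of the alert queue. Run it against real router or reverse-proxy logs by replacing `SAMPLE_LOG` with the file's lines.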


Impact

  • Server Outage
  • Data Loss
  • Website Downtime

Affected Vendors

Buffalo

Affected Products

  • Buffalo WSR-2533DHP3 1.24
  • Buffalo WSR-2533DHPL2 1.02

Indicators of Compromise

IP

  • 27[.]22[.]80[.]19
  • 212[.]192[.]241[.]72

MD5

  • 5e450f4f32d5054a784079da0e91aed3
  • f0b0acf4f9bb09f22c2f54ca3c214bef
  • ee40c8405d4247897e0ae9631fbf1829
  • b1fefac85d00fa80a402d7fe8166dade
  • ee7249ee77e59cad5ec52cfb8c2e27f1
  • fb753a2ab5e2ca61424b28f7ff3d1344
  • 9344542748024ed06d98116e3b5f86d6
  • df4955166992ec18c270c79ffe1471e2
  • 55f6eb2e1d81837383255f6ffa3d20b5

SHA-256

  • 73edf8bfbbeaccdd84204f24402dcf488c3533be2682724e5906396b9237411d
  • 8bb454cd942ce6680f083edf88ffa31661a47a45eb3681e1b36dd05043315399
  • f83eadaa00e81ad51e3ab479b900b981346895b99d045a6b6f77491c3132b58c
  • e4bc34e321b31926fd2fa1696136187b13864dfa03fba6848e59f9f72bfa9529
  • 80331cf89f3e6026b33b8f1bfa1c304295b9327311661d7927f78824f04cf528
  • 904f9b2e029595365f4f4426069b274810510908c7dd23a3791a831f51e9f1fc
  • 283f932f30756408a59dac97a6965eb792915242214d590eab1c6cb049148582
  • c2f5bbf35afc7335f789e420c23c43a069ecfcca1a8f9fac5cd554a7a769440e
  • 70764ef9800c1d09f965fbb9698d0eda52448b23772d118f2f2c4ba37b59fc20

SHA-1

  • 0d984bc367f896507b6ac63a2d54de649febe692
  • 8610b6d1742b68fa6a1ca65dce5ab59ffda21700
  • c4b2dbfed3cd1fe0dc1352a8748e724f8f0f47b7
  • c7de40cac97a43d051ff3f32130ae87f528ffc8c
  • c1b778e6fdc884b7e74dd8a5864731f8bdf8ef4c
  • 97901ee4bec90572fea2d576bc54cc187af93852
  • 997c2af5c3010822e2a3653e7fcfc6b8dd2065c1
  • 09b3f38986ec21bfd37a165a6422ef98dac92974
  • fd6c2d52628808802c890c130e3f1d1e6a9c8f54

Remediation

  • Upgrade your operating system.
  • Don’t open files and links from unknown sources.
  • Install and run anti-virus scans.