4 comments

[ 2.9 ms ] story [ 19.7 ms ] thread
The discussion on Ars went off the rail.

What was the vulnerability the attackers used? What router families did it affect?

There's a lot more information in the Black Lotus Labs blog post that Ars links to:

> However, as of the time of this writing, we have only been able to obtain the exploit script for JCG-Q20 model routers. In this case, the actor exploited known CVEs (CVE-2020-26878 and CVE-2020-26879)

> The device types consisted of, but were not limited to: Cisco RV 320, 325 and 420; Asus RT-AC68U, RT-AC530, RT-AC68P and RT-AC1900U; DrayTek Vigor 3900 and unspecified NETGEAR devices.

https://blog.lumen.com/zuorat-hijacks-soho-routers-to-silent...

Do we know if openwrt is vulnerable and needs updating?