Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label router security. Show all posts
Routers
CISA CISA advisory CISA warning Cyber Security Hacker attack Internet Routers internet Security Public Wifi router security Routers

CISA Warns of Renewed Exploits Targeting TP-Link Routers with Critical Flaws

 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has raised fresh concerns about several outdated TP-Link router models that are being actively exploited by cybercriminals. Despite the flaw being identified years ago, it has re-emerged in recent attack campaigns, prompting its addition to CISA’s Known Exploited Vulnerabilities (KEV) catalog. 

The security issue is a command injection vulnerability with a high severity rating of 8.8. It impacts three specific models: TP-Link TL-WR940N, TL-WR841N, and TL-WR740N. The flaw exists within the routers’ web-based management interface, where improperly validated input allows hackers to execute unauthorized commands directly on the devices. This makes it possible for attackers to gain control of the routers remotely if remote access is enabled, or locally if they’re on the same network. 

Although this vulnerability has been publicly known for years, recent activity suggests that malicious actors are targeting these devices once again. According to cybersecurity researchers, the attack surface remains significant because these routers are still in use across many households and small offices. 

CISA has mandated that all federal agencies remove the affected router models from their networks by July 7, 2025. It also strongly recommends that other organizations and individuals replace the devices to avoid potential exploitation. 

The affected routers are particularly vulnerable because they are no longer supported by the manufacturer. The TL-WR940N last received a firmware update in 2016, the TL-WR841N in 2015, and the TL-WR740N has gone without updates for over 15 years. As these devices have reached end-of-life status, no further security patches will be provided. Users are urged to upgrade to newer routers that are regularly updated by manufacturers. 

Modern Wi-Fi routers often include enhanced performance, support for more devices, and built-in security protections. Some brands even offer network-wide security features to safeguard connected devices against malware and intrusion attempts. Additionally, using antivirus software with extra security tools, such as VPNs and threat detection, can further protect against online threats. 

Outdated routers not only put your personal information at risk but also slow down internet speed and struggle to manage today’s connected home environments. Replacing obsolete hardware is an important step in defending your digital life. 

Ensuring you’re using a router that receives timely security updates, combined with good cybersecurity habits, can significantly reduce your exposure to cyberattacks. 

CISA’s warning is a clear signal that relying on aging technology leaves both individuals and organizations vulnerable to renewed threats.
Read more »
Session Smart Routers
Cryptominers Cyber Security DDOS Attacks Default Passwords Juniper Networks Mirai malware router security Session Smart Routers

Juniper Networks Warns of Mirai Malware Threat to Routers with Default Passwords

 

Juniper Networks has issued a warning about a vulnerability in its Session Smart Routers, emphasizing the risk of Mirai malware infection if factory-set passwords are not changed.

Starting December 11, the company began receiving reports from customers about "suspicious behavior" on their devices. Upon investigation, Juniper identified a common factor: users had not updated the default login credentials.

A specific variant of the Mirai malware has been scanning for these routers, exploiting the unchanged passwords to infiltrate systems. Once infected, the devices were reportedly "subsequently used as a DDoS attack source" to bombard websites with excessive traffic. However, Juniper did not disclose the number of devices affected or the locations of the attacks.

According to Juniper, Mirai is capable of executing "a wide range of malicious activities" beyond DDoS attacks. Past cases have revealed its involvement in spreading cryptominers and enabling "click fraud" schemes that manipulate online advertising metrics.

To safeguard their devices, Juniper advises Session Smart Router users to implement strong, unique passwords immediately and to stay vigilant for unusual network activity. Signs to monitor include unexpected port scans, increased login attempts, and surges in outbound traffic.

"If a system is found to be infected, the only certain way of stopping the threat is by reimaging the system as it cannot be determined exactly what might have been changed or obtained from the device," the advisory states.

Juniper also notes that Mirai commonly targets connected devices like routers and cameras, often exploiting software vulnerabilities to spread. Using default credentials further simplifies the intrusion process, making it crucial to update them
Read more »
Subscribe to: Posts (Atom)