CVE-2021-20090
published 2021-04-29CVE-2021-20090: A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow…
PriorityP195critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2021-11-17
Exploited in the wild
EPSS
99.98%
100.0th percentile
A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| buffalo | wsr-2533dhp3-bk_firmware | <= 1.24 | — |
| buffalo | wsr-2533dhpl2-bk_firmware | <= 1.02 | — |
| kpn | experia_wifi_firmware | — | — |
| telus | prv65b444a-s-ts_firmware | — | — |
Detection & IOCsextracted from sources · hover to see the quote
commandcurl --include -X POST http://<host>/apply_abstract.cgi -H "Referer: http://<host>/ping.html" --data "action=start_ping&httoken=<token>&submit_button=ping.html&action_params=blink_time%3D5&ARC_ping_ipaddress=%0AARC_SYS_TelnetdEnable=1&ARC_ping_status=0&TMP_Ping_Type=4"↗
commandaction=start_ping&httoken=<token>&submit_button=ping.html&action_params=blink_time%3D5&ARC_ping_ipaddress=127.0.0.1%0AARC_SYS_TelnetdEnable=1&ARC_ping_status=0&TMP_Ping_Type=4↗
- →Path traversal bypass uses URL-encoded sequences (..%2f) within known static asset directories (/images/, /js/, /css/) to reach authenticated pages without credentials. Detect HTTP requests containing these patterns in the URI. ↗
- →POST requests to /apply_abstract.cgi (or path-traversal equivalent /images/..%2fapply_abstract.cgi) with parameter ARC_SYS_TelnetdEnable=1 indicate exploitation to enable Telnet backdoor. ↗
- →Response from /cgi/cgi_i_filter.js containing '/*DEMO*/' and 'addCfg(' strings indicates successful unauthenticated access to device configuration via path traversal (CVE-2021-20092 / CVE-2021-20090 chain). ↗
- →HTTP response header 'Server: Arcadyan httpd 1.0' identifies affected firmware. Use this banner to fingerprint vulnerable devices during scanning. ↗
- →Redirect to /Success.htm (HTTP 302) after POST to apply_abstract.cgi confirms successful configuration injection exploitation. ↗
- →The httoken CSRF token on these devices is embedded in the DOM as a Base64-encoded value. Requests using a valid httoken obtained via unauthenticated path traversal to loginerror.html or system_p.htm indicate exploitation. ↗
- →CVE-2021-20090 can be chained with CVE-2021-38703 (syslog config injection on Arcadyan-derived firmware) to achieve RCE. Detect both CVEs together in network traffic. ↗
- ·The bypass authentication list (static asset directories: /images/, /js/, /css/) varies slightly per device model/vendor. The exact set of bypassable paths must be confirmed per target firmware. ↗
- ·CVE-2021-20091 and CVE-2021-20092 (configuration injection and improper access control) have only been confirmed on Buffalo WSR-2533 models, while CVE-2021-20090 affects the broader Arcadyan firmware supply chain across at least 13 ISPs. ↗
- ·Certain CGI files under /cgi/ require both a valid httoken and a valid Referer header; if the Referer contains the ..%2f traversal string it will cause an error, requiring proxy match/replace to work around this. ↗
- ·The HughesNet HT2000W exploit uses a Vigenere cipher with hardcoded key 'wg7005d' to encode the password before submission; this is device-specific and may not apply to other Arcadyan-based devices. ↗
- ·The HughesNet HT2000W default web portal IP is 192.168.42.1; other Arcadyan-based devices may use different default gateway IPs (e.g., 192.168.11.1 seen in PoC for Buffalo). ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck9.8CRITICAL
cisa9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-c387-pvvx-p3vq: Wireless devices running certain Arcadyan-derived firmware (such as KPN Experia WiFi 1
ghsa_unreviewed·2022-05-24·CVSS 9.8
CVE-2021-38703 [CRITICAL] CWE-20 GHSA-c387-pvvx-p3vq: Wireless devices running certain Arcadyan-derived firmware (such as KPN Experia WiFi 1
Wireless devices running certain Arcadyan-derived firmware (such as KPN Experia WiFi 1.00.15) do not properly sanitise user input to the syslog configuration form. An authenticated remote attacker could leverage this to alter the device configuration and achieve remote code execution. This can be exploited in conjunction with CVE-2021-20090.
GHSA
GHSA-6466-44wr-c6vv: A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1
ghsa_unreviewed·2022-05-24
CVE-2021-20090 [CRITICAL] CWE-22 GHSA-6466-44wr-c6vv: A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1
A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication.
GHSA
GHSA-28rc-568h-qq5j: The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3
ghsa_unreviewed·2022-05-24·CVSS 9.8
CVE-2021-20122 [CRITICAL] CWE-77 GHSA-28rc-568h-qq5j: The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3
The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is affected by an authenticated command injection vulnerability in multiple parameters passed to tr69_cmd.cgi. A remote attacker connected to the router's LAN and authenticated with a super user account, or using a bypass authentication vulnerability like CVE-2021-20090 could leverage this issue to run commands or gain a shell as root on the target device.
VulnCheck
Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability
vulncheck·2021·CVSS 9.8
CVE-2021-1497 [CRITICAL] CWE-78 Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability
Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability
Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the root user.
Affected: Cisco HyperFlex HX
Required Action: Apply updates per vendor instructions.
Exploitation References: https://blogs.juniper.net/en-us/security/freshly-disclosed-vulnerability-cve-2021-20090-exploited-in-the-wild; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.cisa.gov/uscert/ncas/alerts/aa22-279a; https://securityaffairs.co/wordpress/139821/security/cisco-old-vulnerabilities-exploitation.html; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/
VulnCheck
Tenda AC11 Router Stack Buffer Overflow Vulnerability
vulncheck·2021·CVSS 9.8
CVE-2021-31755 [CRITICAL] CWE-787 Tenda AC11 Router Stack Buffer Overflow Vulnerability
Tenda AC11 Router Stack Buffer Overflow Vulnerability
Tenda AC11 devices contain a stack buffer overflow vulnerability in /goform/setmac which allows attackers to execute code via a crafted post request.
Affected: Tenda AC11 Router
Required Action: Apply updates per vendor instructions.
Exploitation References: https://www.fortinet.com/blog/threat-research/the-ghosts-of-mirai; https://blogs.juniper.net/en-us/security/freshly-disclosed-vulnerability-cve-2021-20090-exploited-in-the-wild; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-22&host_type=src&vulnerability=cve-2021-31755; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-2
VulnCheck
Arcadyan Buffalo Firmware Path Traversal Vulnerability
vulncheck·2021·CVSS 9.8
CVE-2021-20090 [CRITICAL] CWE-22 Arcadyan Buffalo Firmware Path Traversal Vulnerability
Arcadyan Buffalo Firmware Path Traversal Vulnerability
Arcadyan Buffalo firmware contains a path traversal vulnerability that could allow unauthenticated, remote attackers to bypass authentication and access sensitive information. This vulnerability affects multiple routers across several different vendors.
Affected: Arcadyan Buffalo Firmware
Required Action: Apply updates per vendor instructions.
Exploitation References: https://blogs.juniper.net/en-us/security/freshly-disclosed-vulnerability-cve-2021-20090-exploited-in-the-wild; https://www.radware.com/getmedia/18d24c2d-c092-4a61-9ad6-ebb92b7a49b8/Alert_Realtek_SDK.aspx; https://www.radware.com/getmedia/d312a5fa-2d8d-4c1e-b31e-73046f24bf35/Alert-Dark-OMIGOD.aspx; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerab
VulnCheck
Micro Focus Operation Bridge Report (OBR) Remote Code Execution Vulnerability
vulncheck·2021·CVSS 9.8
CVE-2021-22502 [CRITICAL] CWE-20 Micro Focus Operation Bridge Report (OBR) Remote Code Execution Vulnerability
Micro Focus Operation Bridge Report (OBR) Remote Code Execution Vulnerability
Micro Focus Operation Bridge Report (OBR) contains an unspecified vulnerability that allows for remote code execution.
Affected: Micro Focus Operation Bridge Reporter (OBR)
Required Action: Apply updates per vendor instructions.
Exploitation References: https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/; https://unit42.paloaltonetworks.com/network-attack-trends-february-april-2021/; https://www.fortinet.com/blog/threat-research/the-ghosts-of-mirai; https://blogs.juniper.net/en-us/security/freshly-disclosed-vulnerability-cve-2021-20090-exploited-in-the-wild; https://www.radware.com/getmedia/18d24c2d-c092-4a61-9ad6-ebb92b7a49b8/Alert_Realtek_SDK.aspx; https://www.cisa.gov/sites/default/files
VulnCheck
Micro Focus Access Manager Information Leakage Vulnerability
vulncheck·2021·CVSS 7.5
CVE-2021-22506 [HIGH] Micro Focus Access Manager Information Leakage Vulnerability
Micro Focus Access Manager Information Leakage Vulnerability
Micro Focus Access Manager contains an information leakage vulnerability resulting from a SAML service provider redirection issue when the Assertion Consumer Service URL is used.
Affected: Micro Focus Micro Focus Access Manager
Required Action: Apply updates per vendor instructions.
Exploitation References: https://blogs.juniper.net/en-us/security/freshly-disclosed-vulnerability-cve-2021-20090-exploited-in-the-wild; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2021-11-17
VulnCheck
D-Link DIR-825 R1 Devices Buffer Overflow Vulnerability
vulncheck·2020·CVSS 9.8
CVE-2020-29557 [CRITICAL] CWE-119 D-Link DIR-825 R1 Devices Buffer Overflow Vulnerability
D-Link DIR-825 R1 Devices Buffer Overflow Vulnerability
D-Link DIR-825 R1 devices contain a buffer overflow vulnerability in the web interface that may allow for remote code execution.
Affected: D-Link DIR-825 R1 Devices
Required Action: Apply updates per vendor instructions.
Exploitation References: https://unit42.paloaltonetworks.com/network-attack-trends-february-april-2021/; https://www.fortinet.com/blog/threat-research/the-ghosts-of-mirai; https://blogs.juniper.net/en-us/security/freshly-disclosed-vulnerability-cve-2021-20090-exploited-in-the-wild; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-07-13&host_type=src&vulnerability=cve-2020-29557; https://dashboard.
CISA
Arcadyan Buffalo Firmware Path Traversal Vulnerability
cisa·2021-11-03·CVSS 9.8
CVE-2021-20090 [CRITICAL] CWE-22 Arcadyan Buffalo Firmware Path Traversal Vulnerability
Vulnerability: Arcadyan Buffalo Firmware Path Traversal Vulnerability
Affected: Arcadyan Buffalo Firmware
Arcadyan Buffalo firmware contains a path traversal vulnerability that could allow unauthenticated, remote attackers to bypass authentication and access sensitive information. This vulnerability affects multiple routers across several different vendors.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-20090
Remediation Due Date: 2021-11-17
No detection rules found.
Exploit-DB
HughesNet HT2000W Satellite Modem - Password Reset
exploitdb·2024-08-24·CVSS 9.8
CVE-2021-20090 [CRITICAL] HughesNet HT2000W Satellite Modem - Password Reset
HughesNet HT2000W Satellite Modem - Password Reset
---
# Exploit Title: HughesNet HT2000W Satellite Modem (Arcadyan httpd 1.0) - Password Reset
# Date: 7/16/24
# Exploit Author: Simon Greenblatt
# Vendor: HughesNet
# Version: Arcadyan httpd 1.0
# Tested on: Linux
# CVE: CVE-2021-20090
import sys
import requests
import re
import base64
import hashlib
import urllib
red = "\033[0;41m"
green = "\033[1;34;42m"
reset = "\033[0m"
def print_banner():
print(green + '''
_____________ _______________ _______________ ________ ____ _______________ _______ _______________
\_ ___ \ \ / /\_ _____/ \_____ \ _ \ \_____ \/_ | \_____ \ _ \ \ _ \/ __ \ _ \
/ \ \/\ Y / | __)_ ______ / ____/ /_\ \ / ____/ | | ______ / ____/ /_\ \/ /_\ \____ / /_\ \
\ \____\ / | \ /_____/ / \ \_/ \/ \ | | /_____/ / \ \_/ \ \
Nuclei
Buffalo WSR-2533DHPL2 - Configuration File Injection
nuclei·CVSS 8.8
CVE-2021-20091 [HIGH] Buffalo WSR-2533DHPL2 - Configuration File Injection
Buffalo WSR-2533DHPL2 - Configuration File Injection
The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 does not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially leading to remote code execution.
Template:
id: CVE-2021-20091
info:
name: Buffalo WSR-2533DHPL2 - Configuration File Injection
author: gy741,pdteam,parth
severity: high
description: |
The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 does not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially leading to remote code execution.
impa
Nuclei
Buffalo WSR-2533DHPL2 - Improper Access Control
nuclei·CVSS 8.8
CVE-2021-20092 [HIGH] Buffalo WSR-2533DHPL2 - Improper Access Control
Buffalo WSR-2533DHPL2 - Improper Access Control
The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly restrict access to sensitive information from an unauthorized actor.
Template:
id: CVE-2021-20092
info:
name: Buffalo WSR-2533DHPL2 - Improper Access Control
author: gy741,pdteam,parth
severity: high
description: |
The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly restrict access to sensitive information from an unauthorized actor.
impact: |
An attacker can exploit this vulnerability to gain unauthorized access to the router's configuration settings and potentially compromise the entire network.
remediation: |
Apply the latest firmware up
Nuclei
Buffalo WSR-2533DHPL2 - Path Traversal
nuclei·CVSS 9.8
CVE-2021-20090 [CRITICAL] Buffalo WSR-2533DHPL2 - Path Traversal
Buffalo WSR-2533DHPL2 - Path Traversal
Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 are susceptible to a path traversal vulnerability that could allow unauthenticated remote attackers to bypass authentication in their web interfaces.
Template:
id: CVE-2021-20090
info:
name: Buffalo WSR-2533DHPL2 - Path Traversal
author: gy741
severity: critical
description: |
Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 are susceptible to a path traversal vulnerability that could allow unauthenticated remote attackers to bypass authentication in their web interfaces.
impact: |
An attacker can exploit this vulnerability to read sensitive files, such as configuration files, credentials, or other sensitive information.
Qualys
NSA Alert: Topmost CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors
blogs_qualys·2022-10-07·CVSS 10.0
[CRITICAL] NSA Alert: Topmost CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors
## Table of Contents
Detect & Prioritize 20 Publicly Known Vulnerabilities using VMDR 2.0
Identify Vulnerable Assets using Qualys Threat Protection
Recommendations & Mitigations
Contributors
On October 6, 2022, the United States National Security Agency (NSA) released a cybersecurity advisory on the Chinese government—officially known as the People’s Republic of China (PRC) states-sponsored cyber actors’ activity to seek national interests. These malicious cyber activities attributed to the Chinese government targeted, and persist to target, a mixture of industries and organizations in the United States. They provide the top CVEs used since 2020 by the People’s Republic of China (PRC) states-sponsored cyber actors as evaluated by the National Security Agency (NSA), Cybersecurity and I
Qualys
NSA Alert: Topmost CVEs Actively Exploited By PRC Sponsored Cyber Actors | Qualys
blogs_qualys·2022-10-07
NSA Alert: Topmost CVEs Actively Exploited By PRC Sponsored Cyber Actors | Qualys
#### Table of Contents
- Detect & Prioritize 20 Publicly Known Vulnerabilities using VMDR 2.0
- Identify Vulnerable Assets using Qualys Threat Protection
- Recommendations & Mitigations
- Contributors
On October 6, 2022, the United States National Security Agency (NSA) released a cybersecurity advisory on the Chinese government—officially known as the People’s Republic of China (PRC) states-sponsored cyber actors’ activity to seek national interests. These malicious cyber activities attributed to the Chinese government targeted, and persist to target, a mixture of industries and organizations in the United States. They provide the top CVEs used since 2020 by the People’s Republic of China (PRC) states-sponsored cyber actors as evaluated by the National Security Agency (NSA), Cybersecurit
Tenable
Top 20 CVEs Exploited by People's Republic of China State-Sponsored Actors (AA22-279A)
blogs_tenable·2022-10-07
Top 20 CVEs Exploited by People's Republic of China State-Sponsored Actors (AA22-279A)
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Tenable
Multiple Vulnerabilities in Telus Wi-Fi Hub
blogs_tenable·2021-10-11
Multiple Vulnerabilities in Telus Wi-Fi Hub
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Checkpoint
09th August – Threat Intelligence Report
blogs_checkpoint·2021-08-09·CVSS 9.8
CVE-2021-20090 [CRITICAL] 09th August – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 09th August – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 9th August, please download our Threat Intelligence Bulletin .
Top Attacks and Breaches
Four critical infrastructures organizations in South East Asia have been the target the of a cyberespionage campaign by alleged Chinese threat actors for several months, aiming at exploiting information from the victims’ SCADA systems. The targeted sectors included power, water, defense, and communications companies.
The Au
Tenable
White Paper: Router Vulnerability Present for a Decade
blogs_tenable·2021-08-02·CVSS 9.8
CVE-2021-20090 [CRITICAL] White Paper: Router Vulnerability Present for a Decade
White paper
## Router Vulnerability Present for a Decade
## Why IoT Supply Chain Is to Blame
The discovery of shared libraries used across a number of devices has led to one persistent vulnerability being present in routers provided by at least 13 ISPs across 11 countries. Discovered by Tenable researchers, CVE-2021-20090 is a path traversal vulnerability which allows an attacker to bypass authentication to the web interface, and could be leveraged to access other devices on a home or corporate network.
In this whitepaper you can learn more about the vulnerability and how it was discovered, what its impact could be upon exploit and how this issue in shared libraries can be better prevented in the future:
How this vulnerability was present in Arcadyan's code for many years and used in
Tenable
Multiple Vulnerabilities in Buffalo and Arcadyan manufactured routers
blogs_tenable·2021-04-23
Multiple Vulnerabilities in Buffalo and Arcadyan manufactured routers
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
https://www.kb.cert.org/vuls/id/914124https://www.secpod.com/blog/arcadyan-based-routers-and-modems-under-active-exploitation/https://www.tenable.com/security/research/tra-2021-13https://www.kb.cert.org/vuls/id/914124https://www.secpod.com/blog/arcadyan-based-routers-and-modems-under-active-exploitation/https://www.tenable.com/security/research/tra-2021-13https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20090
2021-04-29
Published
2021-11-03
Added to CISA KEV
Exploited in the wild