Over the past two days, a series of critical vulnerabilities in routers from different manufacturers have been disclosed, highlighting the urgent need to reinforce the security of these essential network infrastructure devices.
On March 12, 2025, it was reported that thousands of vulnerable TP-Link Archer routers exposed to the internet were targeted by a new botnet. These devices contain a vulnerability designated as CVE-2023-1389, allowing remote command injection via the web interface, enabling attackers to install malware on the devices. Source.
Also, on March 12, Mandiant, a Google-owned threat intelligence company, observed that the cyber-espionage group UNC3886 was attacking end-of-life Juniper Networks MX routers. These attacks aimed to implant custom backdoors, highlighting the group's ability to focus on internal network infrastructure. Source.
On March 13, 2025, Cisco released patches for ten vulnerabilities in IOS XR, including five that could lead to Denial of Service (DoS) conditions. The most severe flaws, CVE-2025-20142 and CVE-2025-20146, both with a CVSS score of 8.6, affect features such as IPv4 Access Control Lists (ACLs), Quality of Service (QoS), and Layer 3 multicast on ASR 9000, ASR 9902, and ASR 9903 series routers. Source.
These incidents, disclosed within a short two-day span, raise a crucial question: "Who is protecting the routers?"
Often overlooked, these devices serve as critical entry points for corporate and home networks, making their security fundamental to data and service protection.
In this context, technologies developed by NetSensor provide an additional security layer, extending protection to network infrastructure, including firewalls and edge routers. By implementing advanced monitoring and defense solutions, it is possible to mitigate risks and strengthen network resilience against emerging threats.
Comments