Unidentified threat actors are actively exploiting a critical authentication bypass vulnerability to hijack home routers as part of an effort to co-opt them to a Mirai-variant botnet used for carrying out DDoS attacks, merely two days after its public disclosure. Tracked asCVE-2021-20090(CVSS score: 9.9), theweaknessconcerns apath traversal vulnerabilityin the web interfaces ofrouters