14 new vulnerabilities found in DrayTek by researchers

A recent report by Forescout Technologies has uncovered 14 additional vulnerabilities in DrayTek routers. Left unaddressed, these vulnerabilities could allow attackers to take full control of the devices, opening the way to ransomware, denial-of-service attacks, and other malicious activity. The findings underline the need for immediate action, such as patching and disabling unnecessary remote access, to protect network devices against growing cyber threats.

DrayTek routers are extensively used across various industries, making them an attractive target for cybercriminals. In addition to this recent discovery, DrayTek routers have also been singled out in an FBI action, and CISA has included DrayTek vulnerabilities in the Known Exploited Vulnerabilities (KEV) list.

  • A total of 14 vulnerabilities were identified in DrayTek routers, with the most severe receiving a CVSS score of 10 and another scoring 9.1. These critical vulnerabilities can enable attackers to carry out remote code execution and OS command injection attacks. Additional technical details can be found in the full report.
  • Global exposure is widespread, with over 704,000 DrayTek routers currently accessible on the internet. The UK and EU account for over 425,000 routers, while more than 190,000 are located in Asia. The report provides a comprehensive breakdown of regional exposure. The majority of these routers are used for commercial purposes, with 75% being used in business settings. Nearly 40% of DrayTek routers remain vulnerable to issues that were identified two years ago and added to the CISA KEV catalog.
  • End-of-life devices are particularly at risk: the vulnerabilities affect 24 different DrayTek router models, 11 of which are end-of-life (EoL). Over 63% of the exposed devices are either end-of-sale or EoL, making them challenging to patch and secure.

The vulnerabilities in DrayTek routers create numerous potential attack vectors, especially for those with the web management interface exposed to the internet. Attackers could install a persistent rootkit to intercept and analyze network traffic, potentially stealing sensitive data such as credentials or confidential information. Once inside, attackers could move laterally across the network, compromising other devices and potentially leading to ransomware, denial-of-service attacks, or the creation of botnets for distributed attacks. Advanced routers like the Vigor3910 could even be repurposed as command-and-control servers for further attacks.

As part of the responsible disclosure process, DrayTek has addressed all the firmware vulnerabilities uncovered by Vedere Labs. However, organizations must still take steps to mitigate risks and protect these devices on their networks.

Read the full report

Copyright © TSP 2024. All rights reserved. Designed by Enovate LLC