

Ethical Hacking News

DrayTek Router Security Update: A Critical Flaw Exposed Over 700,000 Devices



DrayTek has released security updates addressing 14 vulnerabilities in its routers. Scans found roughly 785,000 potentially vulnerable devices, over 704,500 of them with the web interface exposed to the internet. The most severe flaw is a remote code execution vulnerability with the maximum CVSS score of 10.0. DrayTek users are advised to take immediate action to secure their devices.


  • DrayTek released security updates to address 14 vulnerabilities in multiple router models.
  • A remote code execution vulnerability with a maximum CVSS score of 10.0 was discovered, impacting approximately 785,000 routers.
  • Over 704,500 DrayTek routers expose their web interface to the internet, making them reachable by attackers targeting these flaws.
  • The most critical vulnerabilities include buffer overflow and command injection flaws.
  • DrayTek has provided fixes for both actively supported and end-of-life router models.
  • Users are advised to download the latest firmware and take additional security measures, including disabling remote access and using two-factor authentication.



    DrayTek has recently released security updates for multiple router models to address a total of 14 vulnerabilities of varying severity. The most critical flaw, discovered by Forescout Research – Vedere Labs, is a remote code execution vulnerability with the maximum CVSS score of 10.0. It was identified in the "GetCGI()" function of the Web UI, which is responsible for handling HTTP request data.

    The researchers warned that their scans revealed approximately 785,000 DrayTek routers that might be vulnerable to the newly discovered set of flaws, with over 704,500 of them having their web interface exposed to the internet. The vulnerabilities were found both in actively supported models and in models that have reached end-of-life, but because of their severity DrayTek has provided fixes for routers in both categories.

    The most significant risks among the identified vulnerabilities are:

    - FSCT-2024-0006: A buffer overflow in the "GetCGI()" function of the Web UI.
    - FSCT-2024-0007: Command injection in OS communication. The "recvCmd" binary used for communication between the host and guest operating systems is vulnerable to command injection, potentially allowing a VM escape.
    - FSCT-2024-0014: The web server backend seeds the OpenSSL pseudo-random number generator (PRNG) used for TLS connections with a static string, which could lead to information disclosure and man-in-the-middle (MitM) attacks.
    - FSCT-2024-0001: Identical admin credentials are used across the entire system, so obtaining them can lead to full system compromise.
    - FSCT-2024-0002: An HTML page in the Web UI improperly handles input, allowing reflected cross-site scripting (XSS).
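    To make the GetCGI()-class flaw concrete, the following is an added, illustrative example and not DrayTek's code: the real function's internals are not described on this page, and the function names, the 32-byte buffer and the query strings are assumptions. It shows the general pattern behind a buffer overflow in an HTTP parameter handler (a fixed-size buffer filled from request data with no bound) next to a hardened version that takes the destination size and refuses oversized values instead of writing past the buffer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustrative CGI parameter extraction. NOT DrayTek's GetCGI(); the
 * function names, buffer size and inputs below are assumptions used to
 * demonstrate the flaw class described in the article. */

#define VALUE_MAX 32

/* Vulnerable pattern: copies the value of `name` from `query` until '&'
 * or end of string, with no check against the size of `out`. A request
 * such as "user=" followed by a few hundred bytes overruns the buffer. */
int get_cgi_vuln(const char *query, const char *name, char *out)
{
    size_t nlen = strlen(name);
    const char *p = query;
    while (p && *p) {
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            const char *v = p + nlen + 1;
            size_t i = 0;
            while (*v && *v != '&')
                out[i++] = *v++;    /* no bound on i: stack overflow */
            out[i] = '\0';
            return 0;
        }
        p = strchr(p, '&');         /* advance to the next parameter */
        if (p) p++;
    }
    return -1;                      /* parameter absent */
}

/* Hardened version: the caller passes the destination size and values
 * that do not fit are rejected rather than truncated (silent truncation
 * can change what a later authorisation check sees). */
int get_cgi_safe(const char *query, const char *name, char *out, size_t outsz)
{
    size_t nlen = strlen(name);
    const char *p = query;
    if (outsz == 0)
        return -1;
    while (p && *p) {
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            const char *v = p + nlen + 1;
            const char *end = strchr(v, '&');
            size_t vlen = end ? (size_t)(end - v) : strlen(v);
            if (vlen >= outsz) {    /* leave room for the terminator */
                out[0] = '\0';
                return -2;          /* too long: refuse the request */
            }
            memcpy(out, v, vlen);
            out[vlen] = '\0';
            return 0;
        }
        p = strchr(p, '&');
        if (p) p++;
    }
    return -1;                      /* parameter absent */
}

int main(void)
{
    char buf[VALUE_MAX];
    char big[200];                  /* constructed oversized value */
    char query[256];

    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    snprintf(query, sizeof query, "lang=en&user=%s", big);

    /* get_cgi_vuln(query, "user", buf) would write ~200 bytes into the
     * 32-byte stack buffer; the safe variant refuses the value instead. */
    printf("safe: %d\n", get_cgi_safe(query, "user", buf, sizeof buf));          /* prints "safe: -2" */
    printf("safe: %d %s\n", get_cgi_safe(query, "lang", buf, sizeof buf), buf);  /* prints "safe: 0 en" */
    return 0;
}
```

    The hardened function rejects a value one byte too long for the buffer, which is the boundary that off-by-one variants of this pattern get wrong; in firmware, the same check should be applied to every parameter the handler copies, not only the one that happened to be reported.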

    The above flaws impact 24 router models, 11 of which have reached end of life yet still received fixes. The impacted models and the firmware versions to upgrade to are listed in the table below.

    DrayTek users are advised to download the latest firmware for their device model from DrayTek's official download portal. In addition to applying the latest firmware updates, users are recommended to take several actions:

    - Disable remote access if it is not needed.
    - When remote access is active, restrict it with an access control list and require two-factor authentication.
    - Check the configuration for arbitrary alterations, added admin users, or added remote access profiles.
    - Disable SSL VPN connections through port 443.
    - Enable syslog logging to monitor for suspicious events.
    - Enable auto-upgrade to HTTPS pages in your web browser.

    All DrayTek users should confirm that their device's remote access console is disabled, as exploits and brute-force attacks commonly target those services.

    Furthermore, Forescout Research – Vedere Labs reported that nearly half of the devices under their direct visibility are located in the United States, while Shodan results show significant numbers in the United Kingdom, Vietnam, the Netherlands, and Australia. In total, Vedere Labs found over 700,000 DrayTek devices exposed online.



    Related Information:

  • https://thehackernews.com/2024/10/alert-over-700000-draytek-routers.html

  • https://www.securityweek.com/new-vulnerabilities-expose-hundreds-of-thousands-of-draytek-routers-to-hacking/


  • Published: Fri Oct 4 16:26:32 2024 by llama3.2 3B Q4_K_M

    © Ethical Hacking News . All rights reserved.
