Ethical Hacking News
DrayTek router security: 14 new vulnerabilities discovered in millions of devices worldwide, with patches already released by the manufacturer to address these issues.
Over 700,000 DrayTek routers have been exposed to hacking due to 14 newly discovered vulnerabilities. The most critical vulnerability is CVE-2024-41592, which can lead to a denial-of-service (DoS) or remote code execution (RCE). Another critical vulnerability is CVE-2024-41585, which concerns an operating system (OS) command injection flaw. The remaining 12 flaws pose significant risks to residential and enterprise routers. DrayTek has released patches for all the identified flaws.
The cybersecurity landscape has witnessed yet another significant vulnerability disclosure, as over 700,000 DrayTek routers have been exposed to hacking due to 14 newly discovered flaws. This development highlights the need for organizations to prioritize their network security and take proactive measures, such as patching and restricting management access, to protect themselves against potential threats.
According to a recent report by Forescout Vedere Labs, these vulnerabilities, collectively known as DRAY:BREAK, pose significant risks to residential and enterprise routers manufactured by DrayTek. The most critical of these flaws is CVE-2024-41592, a buffer overflow bug in the "GetCGI()" function of the Web user interface. The overflow is triggered while processing query string parameters and can lead to a denial-of-service (DoS) or remote code execution (RCE).
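To make the bug class concrete for code reviewers, the following C snippet is an added, hypothetical illustration written for this page; it is not DrayTek's GetCGI() code and is not taken from Forescout's report. It shows a minimal CGI query-string lookup in the style of an embedded web UI: the unsafe variant copies a parameter value into a fixed-size buffer without checking its length (the pattern behind "buffer overflow when processing query string parameters"), while the hardened variant takes the destination size and refuses values that do not fit. The function names, VALUE_MAX and the sample query strings are all assumptions constructed for the example.

```c
#include <stdio.h>
#include <string.h>

#define VALUE_MAX 32   /* fixed-size value buffer, as an embedded CGI might use (assumed) */

/* Locate "name=" at the start of the query string or immediately after
 * an '&'. Returns a pointer to the first byte of the value, or NULL. */
static const char *find_param(const char *query, const char *name) {
    size_t nlen = strlen(name);
    const char *p = query;
    while (p && *p) {
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=')
            return p + nlen + 1;
        p = strchr(p, '&');     /* skip to the next parameter */
        if (p) p++;
    }
    return NULL;
}

/* Unsafe pattern (for review practice only; not exercised with long input):
 * the value is copied up to the next '&' with no bound on the destination.
 * A value longer than VALUE_MAX-1 bytes writes past 'out', which is the
 * memory-corruption class the article describes. */
int get_cgi_value_unsafe(const char *query, const char *name, char out[VALUE_MAX]) {
    const char *v = find_param(query, name);
    if (!v) return -1;
    size_t len = strcspn(v, "&");
    memcpy(out, v, len);        /* no check against VALUE_MAX */
    out[len] = '\0';
    return (int)len;
}

/* Hardened version: the caller passes the destination size, and a value
 * that would not fit (including its terminator) is rejected outright
 * rather than silently truncated. Returns the value length, -1 if the
 * parameter is absent, -2 if it is too long for the buffer. */
int get_cgi_value(const char *query, const char *name, char *out, size_t out_size) {
    const char *v = find_param(query, name);
    if (!v) return -1;
    size_t len = strcspn(v, "&");
    if (out_size == 0 || len >= out_size) return -2;
    memcpy(out, v, len);
    out[len] = '\0';
    return (int)len;
}

int main(void) {
    char buf[VALUE_MAX];
    /* constructed sample query strings */
    int n = get_cgi_value("a=1&name=router1&b=2", "name", buf, sizeof buf);
    printf("name -> %d (%s)\n", n, n >= 0 ? buf : "-");
    n = get_cgi_value("name=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "name", buf, sizeof buf);
    printf("oversized value -> %d (rejected)\n", n);
    return 0;
}
```

The defender's takeaway is the signature to look for in firmware code review: any copy from request-controlled data (query string, headers, POST body) into a fixed-size stack or heap buffer without a length check against the destination. The hardened variant also illustrates a design choice: refusing an oversized value returns a clean error to the request handler, whereas silent truncation can hide the problem and create new parsing inconsistencies.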
Another critical vulnerability, CVE-2024-41585, concerns a case of operating system (OS) command injection in the "recvCmd" binary used for communications between the host and guest OS. This flaw has been awarded the maximum CVSS score of 10.0, emphasizing its severity.
Forescout's analysis revealed that over 704,000 DrayTek routers have their Web UI exposed to the internet, creating a large attack surface for malicious actors. A majority of these instances are located in the U.S., followed by Vietnam, the Netherlands, Taiwan, and Australia.
The remaining 12 flaws are listed below:
CVE-2024-41589 (CVSS score: 7.5) - Use of the same admin credentials across the entire system, resulting in full system compromise
CVE-2024-41591 (CVSS score: 7.5) - A reflected cross-site scripting (XSS) vulnerability in the Web UI
CVE-2024-41587 (CVSS score: 4.9) - A stored XSS vulnerability in the Web UI when configuring a custom greeting message after logging in
CVE-2024-41583 (CVSS score: 4.9) - A stored XSS vulnerability in the Web UI when configuring a custom router name to be displayed to users
CVE-2024-41584 (CVSS score: 4.9) - A reflected XSS vulnerability in the Web UI's login page
CVE-2024-41588 (CVSS score: 7.2) - Buffer overflow vulnerabilities in the Web UI's CGI pages "/cgi-bin/v2x00.cgi" and "/cgi-bin/cgiwcg.cgi" leading to DoS or RCE
CVE-2024-41590 (CVSS score: 7.2) - Buffer overflow vulnerabilities in the Web UI's CGI pages leading to DoS or RCE
CVE-2024-41586 (CVSS score: 7.2) - A stack buffer overflow vulnerability in the Web UI's "/cgi-bin/ipfedr.cgi" page leading to DoS or RCE
CVE-2024-41596 (CVSS score: 7.2) - Multiple buffer overflow vulnerabilities in the Web UI leading to DoS or RCE
CVE-2024-41593 (CVSS score: 7.2) - A heap-based buffer overflow vulnerability in the Web UI's ft_payloads_dns() function leading to DoS
CVE-2024-41595 (CVSS score: 7.2) - An out-of-bounds write vulnerability in the Web UI leading to DoS or RCE
CVE-2024-41594 (CVSS score: 7.6) - An information disclosure vulnerability in the web server backend for the Web UI that could allow an adversary-in-the-middle (AitM) attack
DrayTek has already released patches for all the identified flaws, with the max-rated vulnerability also addressed in 11 end-of-life (EoL) models.
"The development comes as cybersecurity agencies from Australia, Canada, Germany, Japan, the Netherlands, New Zealand, South Korea, the U.K., and the U.S. issued joint guidance for critical infrastructure organizations to help maintain a safe, secure operational technology (OT) environment," Forescout said.
The document, titled "Principles of operational technology cybersecurity," outlines six foundational rules:
Safety is paramount
Knowledge of the business is crucial
OT data is extremely valuable and needs to be protected
Segment and segregate OT from all other networks
The supply chain must be secure
People are essential for OT cyber security
"Quickly filtering decisions to identify those that impact the security of OT will enhance the making of robust, informed, and comprehensive decisions that promote safety, security and business continuity when designing, implementing, and managing OT environments," the agencies said.
In light of this critical vulnerability alert, it is crucial that organizations take proactive measures to secure their networks. By keeping router firmware up to date, applying the DrayTek patches, and using strong access controls on the management interface, they can minimize the risk of falling prey to such vulnerabilities.
Related Information:
https://thehackernews.com/2024/10/alert-over-700000-draytek-routers.html
https://www.bleepingcomputer.com/news/security/draytek-fixed-critical-flaws-in-over-700-000-exposed-routers/
https://nvd.nist.gov/vuln/detail/CVE-2024-41592
https://www.cvedetails.com/cve/CVE-2024-41592/
https://nvd.nist.gov/vuln/detail/CVE-2024-41585
https://www.cvedetails.com/cve/CVE-2024-41585/
https://nvd.nist.gov/vuln/detail/CVE-2024-41589
https://www.cvedetails.com/cve/CVE-2024-41589/
https://nvd.nist.gov/vuln/detail/CVE-2024-41591
https://www.cvedetails.com/cve/CVE-2024-41591/
https://nvd.nist.gov/vuln/detail/CVE-2024-41587
https://www.cvedetails.com/cve/CVE-2024-41587/
https://nvd.nist.gov/vuln/detail/CVE-2024-41583
https://www.cvedetails.com/cve/CVE-2024-41583/
https://nvd.nist.gov/vuln/detail/CVE-2024-41584
https://www.cvedetails.com/cve/CVE-2024-41584/
https://nvd.nist.gov/vuln/detail/CVE-2024-41588
https://www.cvedetails.com/cve/CVE-2024-41588/
https://nvd.nist.gov/vuln/detail/CVE-2024-41590
https://www.cvedetails.com/cve/CVE-2024-41590/
https://nvd.nist.gov/vuln/detail/CVE-2024-41586
https://www.cvedetails.com/cve/CVE-2024-41586/
https://nvd.nist.gov/vuln/detail/CVE-2024-41596
https://www.cvedetails.com/cve/CVE-2024-41596/
https://nvd.nist.gov/vuln/detail/CVE-2024-41593
https://www.cvedetails.com/cve/CVE-2024-41593/
https://nvd.nist.gov/vuln/detail/CVE-2024-41595
https://www.cvedetails.com/cve/CVE-2024-41595/
https://nvd.nist.gov/vuln/detail/CVE-2024-41594
https://www.cvedetails.com/cve/CVE-2024-41594/
Published: Thu Oct 3 01:26:01 2024 by llama3.2 3B Q4_K_M