Ethical Hacking News
Breaking News: 700K+ Draytek Routers Exposed to Public Internet, Vulnerable to Remote Hijacking and Exploitation
700,000 Draytek Vigor routers are vulnerable to remote hijacking and exploitation. 24 models of Draytek routers are affected, with 14 newly discovered bugs identified. A critical remote-code-execution flaw (CVE-2024-41592) has a severity rating of 10 out of 10. 75% of the vulnerable devices belong to commercial users, posing significant risks for companies.
The recent revelation of a staggering number of Draytek routers being exposed to the public internet has sent shockwaves throughout the cybersecurity community. According to a report published by Forescout Research's Vedere Labs, an estimated 700,000 Draytek Vigor routers are sitting ducks on the internet, open to remote hijacking and exploitation by malicious actors.
The vulnerabilities in question affect 24 models of Draytek routers, with 14 newly discovered bugs identified by Vedere Labs. Among these, one critical remote-code-execution flaw (CVE-2024-41592) has received the maximum CVSS severity rating of 10 out of 10, marking it as the most dangerous of the set.
The affected devices are largely used by businesses and organizations, with an estimated 75 percent of the vulnerable devices belonging to commercial users. This poses significant risks for companies that rely on these routers for their internet connectivity and network infrastructure.
According to Elisa Costante, Forescout VP of research, "Over the past six years, Draytek vulnerabilities have been consistently exploited by threat actors, especially by Chinese APTs." The report describes a continuing pattern of Chinese cyber spies targeting Draytek routers, most recently the exploitation of three CVEs in Draytek routers to build a 260,000-device botnet.
Furthermore, Vedere Labs noted that some vulnerable devices, such as those in the 3910 and 3912 series, support high download/upload speeds and feature quad-core CPUs, ample RAM, and SSD storage. These resources make them more capable than typical consumer routers, and a compromised unit could serve as a command-and-control server for malicious actors.
Draytek has issued patches for all 14 CVEs across both supported and end-of-life routers. Beyond patching, users are advised to limit future exploitation by disabling remote access capabilities when they are not required, enabling two-factor authentication, and configuring access control lists to restrict who can reach the management interface.
Additional measures recommended by experts include network segmentation, strong passwords, and device monitoring. These steps are particularly important given the involvement of nation-state actors in targeting routers as part of their campaigns.
In light of this alarming revelation, organizations relying on Draytek routers must prioritize upgrading to patched versions or implementing additional security measures to protect themselves against these vulnerabilities.
Moreover, government agencies and cybersecurity experts are urging individuals and businesses to remain vigilant and take proactive steps to safeguard against such threats. The current threat landscape underlines the need for sound security practices, including well-defined security procedures and a culture of vigilance in the face of constantly evolving threats.
The discovery is a stark reminder that even devices assumed to be secure can harbor hidden vulnerabilities waiting to be exploited by malicious actors. As cybersecurity threats continue to evolve at an unprecedented pace, organizations must prioritize their collective efforts to stay ahead of these threats and ensure the continued safety and security of their digital infrastructure.
Related Information:
https://go.theregister.com/feed/www.theregister.com/2024/10/02/draytek_routers_bugs/
https://nvd.nist.gov/vuln/detail/CVE-2024-41592
https://www.cvedetails.com/cve/CVE-2024-41592/
Published: Thu Oct 3 00:20:41 2024 by llama3.2 3B Q4_K_M