Article Details
Scrape Timestamp (UTC): 2024-10-02 13:04:21.058
Original Article Text
Click to Toggle View
DrayTek fixed critical flaws in over 700,000 exposed routers. DrayTek has released security updates for multiple router models to address 14 vulnerabilities of varying severity, including a remote code execution flaw that received the maximum CVSS score of 10. The flaws, which Forescout Research – Vedere Labs discovered, impact both actively supported and models that have reached end-of-life. However, due to the severity, DrayTek has provided fixes for routers in both categories. The researchers warned that their scans revealed that approximately 785,000 DrayTek routers might be vulnerable to the newly discovered set of flaws, with over 704,500 having their web interface exposed to the internet. Vulnerability details Most vulnerabilities discovered by Vedere Labs are medium-severity buffer overflow and cross-site scripting problems dictated by several exploitation requirements. However, five of the flaws carry significant risks, requiring immediate attention. Those are summarized as follows: As of yet, there have been no reports of active exploitation of these flaws, and the publication of analytical details has been withheld to allow users enough time to apply the security updates. The above flaws impact 24 router models, of which 11 have reached the end of life yet still received fixes. The impacted models and target firmware versions to upgrade to can be seen in the table below. Users may download the latest firmware for their device model from DrayTek's official download portal. Over 700,000 DrayTex devices exposed online Verdere Labs reports that it found over 704,500 devices have the DrayTek Vigor Web user interface exposed to the internet, though it should only be accessible from a local network. Nearly half of the devices under Forescout's direct visibility are located in the United States, but Shodan results show significant numbers in the United Kingdom, Vietnam, the Netherlands, and Australia. Apart from applying the latest firmware updates, users are recommended to take the following actions: All DrayTek users should confirm that their device's remote access console is disabled, as exploits and brute force attacks commonly target those services.
Daily Brief Summary
DrayTek has issued updates for multiple router models to mitigate 14 security vulnerabilities, including a severe remote code execution flaw rated at the highest severity level (CVSS score of 10).
The patches cover both currently supported models and those that are no longer actively supported due to the critical nature of the issues discovered.
Approximately 785,000 DrayTek routers are potentially at risk, with over 704,500 routers discovered to have their web interfaces exposed to the internet.
The vulnerabilities mainly include medium-severity issues such as buffer overflows and cross-site scripting, but five of these vulnerabilities are considered high-risk and require urgent remediation.
No active exploits of these vulnerabilities have been reported as of now; detailed technical findings have been temporarily withheld to allow users time to secure their devices.
DrayTek users are urged to download the most recent firmware for their devices from the official DrayTek portal and to ensure that remote access features are disabled to prevent unauthorized access.
The security flaws impact 24 different router models, including 11 models that have already reached end-of-life but are still in use, highlighting ongoing risks in legacy systems.