In a significant cybersecurity development, DrayTek has released critical patches for multiple router models, addressing a total of 14 vulnerabilities. Among these, one vulnerability stands out as particularly severe, receiving a perfect 10 out of 10 score on the Common Vulnerability Scoring System (CVSS). This critical flaw potentially allows remote arbitrary code execution, posing a substantial risk to affected devices.
Scope and Impact of the Vulnerabilities
The vulnerabilities, discovered by Forescout Research, affect both currently supported router models and older devices that have reached end-of-life status. Recognizing the gravity of these security flaws, DrayTek has taken the unusual step of issuing patches for both categories of routers. In total, 24 router models are impacted, including 11 that are no longer officially supported.
Researchers have identified over 785,000 potentially vulnerable DrayTek routers connected to the internet. Alarmingly, more than 704,500 of these devices have their DrayTek Vigor Web interface exposed online, despite this interface being intended for local access only. This misconfiguration significantly increases the attack surface for potential exploits.
Geographical Distribution and Vulnerability Types
The geographical distribution of affected devices is noteworthy, with nearly half located in the United States. Significant numbers of vulnerable routers have also been detected in the United Kingdom, Vietnam, the Netherlands, and Australia.
While the majority of the discovered vulnerabilities are classified as medium severity, primarily involving buffer overflow and cross-site scripting (XSS) issues, five of the flaws pose a serious threat to DrayTek device owners:
- A critical remote code execution vulnerability (CVSS 10.0)
- Four high-severity vulnerabilities enabling unauthorized access and potential device takeover
Mitigation Strategies and Recommendations
As of now, there’s no evidence of active exploitation of these vulnerabilities. However, to protect users and allow time for patch implementation, researchers have temporarily withheld detailed information about the bugs. DrayTek users are strongly advised to take the following actions:
- Update firmware immediately to the latest patched version
- Disable remote management features unless absolutely necessary
- Implement strong access controls and authentication mechanisms
- Monitor devices for any suspicious activity or unauthorized access attempts
This security incident underscores the critical importance of prompt patch management and proper device configuration in maintaining a robust cybersecurity posture. As threats continue to evolve, staying vigilant and proactive in applying security updates remains crucial for all network device owners and administrators. By taking swift action to address these vulnerabilities, DrayTek users can significantly reduce their exposure to potential cyberattacks and ensure the continued security of their network infrastructure.