October 2, 2024 at 10:20AM
DrayTek issued security updates for multiple router models, addressing 14 vulnerabilities, including a critical remote code execution flaw. Around 785,000 routers could be affected, with over 704,500 having their web interface exposed. Five critical flaws were highlighted, warranting immediate attention. No active exploitation has been reported, and users are encouraged to apply the security updates promptly.
Here are the key takeaways from the meeting notes:
– DrayTek has released security updates for multiple router models to address 14 vulnerabilities, including a critical remote code execution flaw with a CVSS score of 10.
– Forescout Research – Vedere Labs discovered the flaws, impacting both actively supported and end-of-life models. DrayTek provided fixes for routers in both categories.
– Approximately 785,000 DrayTek routers might be vulnerable, with over 704,500 having their web interface exposed to the internet.
– The vulnerabilities include buffer overflow, command injection, and cross-site scripting problems, some with significant risks requiring immediate attention.
– Despite no reports of active exploitation, users are urged to apply the security updates.
– Over 700,000 DrayTek devices have the web user interface exposed online, with a significant number in the United States as well as in other countries.
– Recommendations for users include disabling remote access if not needed, checking settings for alterations, and enabling syslog logging to monitor for suspicious events.
– All DrayTek users should confirm that their device’s remote access console is disabled, as it is commonly targeted by exploits and brute force attacks.
This provides a clear summary of the security issues, potential vulnerabilities, and recommended actions for DrayTek users.