October 3, 2024 at 06:02PM
Thousands of DrayTek routers are at risk due to 14 newly discovered firmware vulnerabilities that enable remote code execution, denial-of-service attacks, and injection of malicious code. Forescout’s Vedere Labs found over 704,000 exposed routers and urges proactive security measures in addition to patching. Threat actors, including nation-state actors, are actively targeting vulnerable routers, which underscores the need for immediate attention.
Key takeaways:
1. DrayTek routers, used by many businesses and government agencies, are at heightened risk of attacks due to 14 newly discovered firmware vulnerabilities.
2. These vulnerabilities include denial-of-service (DoS), remote code execution (RCE), and injection of malicious code into webpages and browsers.
3. Forescout’s Vedere Labs discovered the vulnerabilities and reported that over 704,000 Internet-exposed DrayTek routers, primarily in Europe and Asia, are likely affected.
4. DrayTek has issued patches for all the vulnerabilities, but organizations are urged to implement longer-term mitigation measures and not rely solely on patching.
5. Proactive security measures recommended include disabling remote access if not needed, verifying remote access profiles, enabling system logging, using secure protocols, ensuring network visibility, and segmenting networks.
6. Growing threat actor activity, including by nation-state actors, targeting vulnerabilities in DrayTek routers has been observed, and the FBI, US National Security Agency, and Cyber National Mission Force have issued warnings.
7. There is a concern that many organizations are not addressing critical vulnerabilities in DrayTek products quickly enough, as evidenced by the relatively high number of unpatched devices discovered.