Over 700,000 DrayTek Routers Vulnerable to New Security Flaws

October 2, 2024

Researchers from Forescout have uncovered 14 new vulnerabilities in routers manufactured by DrayTek. Two of these vulnerabilities are classified as critical, while nine are considered high and three medium in severity. These security flaws could potentially be exploited to gain control over vulnerable devices.

The researchers found that over 704,000 DrayTek routers are exposed online across 168 different countries. This exposes a large number of customers to serious risk. The vulnerabilities could be exploited for a variety of malicious activities, including cyber espionage, data theft, ransomware attacks, and denial-of-service (DoS) attacks.

On September 18, 2024, the FBI managed to dismantle a botnet that was exploiting three vulnerabilities in DrayTek routers. The Cybersecurity and Infrastructure Security Agency (CISA) has also added two more vulnerabilities to its list of known exploited vulnerabilities.

According to the Forescout report, “Since 75% of these routers are used in commercial settings, the implications for business continuity and reputation are severe. A successful attack could lead to significant downtime, loss of customer trust and regulatory penalties, all of which fall squarely on a CISO’s shoulders.”

The most severe vulnerability, known as CVE-2024-41592, is a DoS/Remote Code Execution (RCE) issue. The advisory states, “The ‘GetCGI()’ function in the Web UI, responsible for retrieving HTTP request data, is vulnerable to a buffer overflow when processing the query string parameters.”

The second critical issue, CVE-2024-41585, is an OS command execution / VM escape vulnerability. The “recvCmd” binary, which facilitates communication between the host and guest operating systems, is susceptible to OS command injection attacks.

DrayTek has released security updates to address the vulnerabilities reported by Forescout. The company has stated that it is currently unaware of any attacks in the wild exploiting these vulnerabilities.

The Forescout report concludes, “While the extent of these findings was beyond expectation, it was not entirely surprising. DrayTek is among many vendors that do not appear to conduct the necessary variant analysis and post-mortem analysis after vulnerability reports — which could lead to long-term improvements.” Compared with research on Operational Technology (OT) routers (Sierra Wireless), a smaller percentage of the DrayTek IT routers were found to be unpatched or end-of-life.
