Security researchers have found 14 new vulnerabilities in 24 models of Vigor routers, with more than 700,000 exposed worldwide.
Researchers at US cyber security firm Forescout have uncovered 14 significant vulnerabilities in DrayTek routers, ranging in severity from medium to one rated at the maximum severity of 10.
Forescout’s Vedere Labs focused on DrayTek routers specifically because the company’s hardware is frequently targeted by a range of threat actors and is widely used across businesses of all sizes.
Additionally, DrayTek routers have had no fewer than 18 critical vulnerabilities reported since 2013.
In particular, the researchers looked closely at DrayOS and its web-based user interface.
“This component is often exposed to the Internet, has been found vulnerable several times recently, and likely has the largest attack surface,” Vedere Labs said in its report, Dray:Break – Breaking Into DrayTek Routers Before Threat Actors Do It Again.
The researchers were not wrong.
Alongside the one CVE with a severity rating of 10, a second is also critical, and nine are considered a medium threat. The vulnerabilities impact the following router models:
Despite the latter five model groups being end-of-life, DrayTek has released patches for all impacted devices. Individually, the vulnerabilities can lead to everything from complete system compromise to remote code execution and man-in-the-middle attacks.
According to Vedere Labs, threat actors could conduct espionage or exfiltrate data via the vulnerabilities or create automated botnets to launch distributed denial-of-service (DDoS) attacks.
A Shodan scan reveals a total of 704,525 exposed DrayTek routers. The vast majority are in the EU, the UK, and throughout Asia, but there are more than 37,000 compromised devices in Australia and New Zealand.
“DrayTek routers were found in 168 countries, with the UK alone accounting for 36 per cent of those, followed by Vietnam with 17 per cent and the Netherlands with 9 per cent,” Vedere Labs said.
“The prevalence of devices in these countries appears to be linked to the use of DrayTek routers by popular ISPs.”
Most of those routers are used by small to medium enterprises, while 25 per cent are residential, with 3 per cent being used in enterprise settings. Worryingly, 38 per cent of all these devices remain vulnerable to a similar suite of vulnerabilities reported two years ago.
“While the extent of these findings was beyond expectation, it was not entirely surprising,” Vedere Labs said.
“DrayTek is among many vendors that [do] not appear to conduct the necessary variant analysis and post-mortem analysis after vulnerability reports – which could lead to long-term improvements.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.