Researchers found a flaw affecting 29 DrayTek router models

Updated on: 03 August 2022

Jurgita Lapienytė
Chief Editor

Internet router wires — Image by Shutterstock

A flaw in popular routers might lead to a network breach. Thousands of routers might still be vulnerable.

The Trellix Threat Labs Vulnerability Research team found an unauthenticated remote code execution (RCE) vulnerability affecting multiple DrayTek routers.

A Taiwanese company manufactures Small Office and Home Office (SOHO) routers widely adopted in the UK, Vietnam, and Taiwan.

The discovered vulnerability could lead to "a full compromise of the device and may lead to a network breach and unauthorized access to internal resources."

DrayTek Vigor 3910 and 28 other router models are vulnerable to the discovered RCE flaw. The compromise of a network appliance such as the Vigor 3910 router could lead to a leak of the sensitive data stored on the router, access to the internal resources, a man in the middle of the network traffic, botnet activity, and packet capture of the data going through any port of the router, among other things.

"During our research, we uncovered over 200k devices which have the vulnerable service currently exposed on the internet and would require no user interaction to be exploited. Many more devices where the affected service is not exposed externally are still vulnerable to a one-click attack from the LAN," Trellix said.

DrayTek router usage — Shodan search showing DrayTek devices used worldwide

The manufacturer has already released the patch. "If you or your organization are managing DrayTek devices, we recommend that you visit the manufacturer's website and apply the patch as soon as possible," Trellix added.

DrayTek released the patch less than thirty days after the vulnerability disclosure.

"Edge devices, such as the Vigor 3910 router, live on the boundary between internal and external networks. As such, they are a prime target for cybercriminals and threat actors alike. Remotely breaching edge devices can lead to a full compromise of the businesses' internal network," Trellix said.

The company stressed that keeping these devices patched and updated is crucial.