© 2023 CyberNews - Latest tech news,
product reviews, and analyses.

Researchers found a flaw affecting 29 DrayTek router models


A flaw in popular routers might lead to a network breach. Thousands of routers might still be vulnerable.

The Trellix Threat Labs Vulnerability Research team found an unauthenticated remote code execution (RCE) vulnerability affecting multiple DrayTek routers.

A Taiwanese company manufactures Small Office and Home Office (SOHO) routers widely adopted in the UK, Vietnam, and Taiwan.

The discovered vulnerability could lead to "a full compromise of the device and may lead to a network breach and unauthorized access to internal resources."

DrayTek Vigor 3910 and 28 other router models are vulnerable to the discovered RCE flaw. The compromise of a network appliance such as the Vigor 3910 router could lead to a leak of the sensitive data stored on the router, access to the internal resources, a man in the middle of the network traffic, botnet activity, and packet capture of the data going through any port of the router, among other things.

"During our research, we uncovered over 200k devices which have the vulnerable service currently exposed on the internet and would require no user interaction to be exploited. Many more devices where the affected service is not exposed externally are still vulnerable to a one-click attack from the LAN," Trellix said.

DrayTek router usage
Shodan search showing DrayTek devices used worldwide

The manufacturer has already released the patch. "If you or your organization are managing DrayTek devices, we recommend that you visit the manufacturer's website and apply the patch as soon as possible," Trellix added.

DrayTek released the patch less than thirty days after the vulnerability disclosure.

"Edge devices, such as the Vigor 3910 router, live on the boundary between internal and external networks. As such, they are a prime target for cybercriminals and threat actors alike. Remotely breaching edge devices can lead to a full compromise of the businesses' internal network," Trellix said.

The company stressed that keeping these devices patched and updated is crucial.


More from Cybernews:

Twitter leaks were bad but worse may be yet to come, says expert

Missile maker MBDA denies being hacked, admits to data loss

Tiffany & Co. announces CryptoPunk NFT collection

Two billion people affected by internet restrictions

Web-based scam uses fake Facebook ads to claim celebrity endorsement

Ransomware gang says it hit Luxembourg’s energy supplier

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are marked