Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

High-impact vulnerability in DrayTek routers leaves thousands of SMEs open to exploitation

A critical security vulnerability impacting DrayTek Vigor routers could allow unauthenticated attackers to gain full access to victim networks.

The flaw affects the Taiwanese hardware manufacturer’s popular Vigor 3910 router, along with nearly 30 other models that share the same codebase.

200,000 exposed devices

The DrayTek router vulnerability was discovered by researchers from Trellix, who found that by triggering a buffer overflow in the web management interface, they could take over the underlying DrayOS.

Tracked as CVE-2022-32548, the vulnerability earned a maximum CVSS score of 10, as this attack requires no authentication to achieve remote code execution (RCE).

“During our research we uncovered over 200,000 devices which have the vulnerable service currently exposed on the internet and would require no user interaction to be exploited,” Trellix security researcher Philippe Laulheret writes in a technical blog post.

‘Complete compromise’

Exploiting this vulnerability can lead to a complete compromise of the device and can enable a malicious actor to access internal resources of the breached networks.

Failed exploitation attempts can lead to device reboot, denial of service, and other abnormal behavior.

security advisory released yesterday (August 4) includes the full list of impacted router models.

“Our standard best practice recommendation is to always keep firmware up to date, but we recommend that you check that affected units are running at least the firmware version [listed],” the vendor said.

Patch window

As outlined in an accompanying CERT NZ advisory this week, there has been no evidence to indicate that this vulnerability has been exploited in the wild.

“However, we strongly recommend you investigate and patch any DrayTek devices on your network as soon as possible to prevent them from being compromised,” the advisory reads.

Greg Fitzgerald, co-founder of Sevco Security, said: “Identifying and patching the known routers is a must, but organizations will still be vulnerable if there are abandoned devices connected to the network that are affected.”

The Daily Swig has asked the researchers if they have seen a reduction in the number of exposed devices since the fixes were pushed out. This article will be updated when fresh information comes to hand.

The Trellix team will release more details about how the vulnerability was discovered and exploited in an upcoming presentation at Hexacon in France on October 14-15.

Source: https://portswigger.net/daily-swig/high-impact-vulnerability-in-draytek-routers-leaves-thousands-of-smes-open-to-exploitation

Advertisement. Scroll to continue reading.
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

Zero Trust Data Access (ZTDA) constitutes a fundamental aspect of the wider Zero Trust security framework, which entails limiting data access. The Zero Trust security approach...

Cyber Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given federal agencies three weeks to secure Adobe ColdFusion servers on their networks against two...

Cyber Security

Businesses and developers are focusing more on the security of applications in their digital environment as cyber threats and data breaches continue escalating. The...

Cyber Security

HCL BigFix is an endpoint management platform that has the capability to automate discovery, management, and remediation. It can find and fix vulnerabilities on...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO