Press ReleaseCyber Crime & ForensicDevice & IoTMobile & Wireless

Forescout Finds 14 Vulnerabilities in Popular DrayTek Routers Affecting Hundreds of Thousands of Exposed Devices Globally

Photo of CSA Editorial CSA Editorial Send an email October 11, 2024
2 minutes read

Forescout Technologies, Inc., a global cybersecurity leader, today published the “DRAY:BREAK” Research Report. The report identifies 14 previously unknown vulnerabilities in routers manufactured by DrayTek, a Taiwanese networking equipment manufacturer, including one with the highest possible severity rating of 10. If left unaddressed, attackers could gain full control over these devices, opening the door to ransomware, denials of service and other attacks. With routers being increasingly targeted, this research spotlights the need for immediate action including patching and disabling unnecessary remote access to protect network devices against rising cyber threats.

DrayTek routers are widely used across many industries and this broad usage has made them prime targets for cybercriminals. In addition to Forescout’s research, DrayTek routers were flagged in a recent FBI action and CISA added DrayTek vulnerabilities to the Known Exploited Vulnerabilities (KEV) list.

“Routers are crucial for keeping internal systems connected to the outside world yet too many organisations overlook their security until they are exploited by attackers,” said Barry Mainz, Forescout CEO. “Cybercriminals work around the clock to find cracks in routers’ defences, using them as entry points to steal data or cripple business operations. Forescout’s DrayTek research is just the latest example to show how routers continue to be the riskiest device category across all assets.”

Forescout Research – Vedere Labs “DRAY:BREAK” Report Key Findings:

  • 14 vulnerabilities identified across DrayTek routers: The highest severity finding received a CVSS score of 10; another scored a 1. These high-risk vulnerabilities can allow attackers to conduct remote code execution and OS command injection attacks. Further technical details are included in the full report.
  • Global widespread exposure: Over 704,000 DrayTek routers are currently exposed to the internet. More than 425,000 are in the UK and EU, and over 190,000 are in Asia, a complete regional breakdown of exposure is detailed in the report. The majority of the routers are intended for business use – with 75% used commercially. Nearly 40% of DrayTek routers are still vulnerable to similar issues identified two years ago and added to the CISA KEV catalogue.
  • End-of-Life devices at risk: The vulnerabilities found impact 24 DrayTek router models, 11 of which are end-of-life (EoL). Over two-thirds (63%) of the exposed devices are either End-of-sale (EoS) or EoL, making them more difficult to patch and protect.

Potential Attack Scenarios

DrayTek vulnerabilities create many potential router attack paths, especially for those with the web management interface exposed to the internet. Attackers can deploy a persistent rootkit to intercept and analyse network traffic, stealing sensitive data such as credentials or confidential information. Once inside, they could move laterally across the network, compromising other devices and potentially leading to ransomware, denial-of-service (DoS) attacks, or the creation of botnets for distributed attacks. High-performance routers, such as the Vigor3910, could even be repurposed as command-and-control (C2) servers, enabling attackers to launch further attacks on other victims.

As part of the responsible disclosure process, DrayTek has patched all the firmware vulnerabilities Vedere Labs uncovered. However, organisations still need to take mitigation steps to protect these products on their networks.

“To safeguard against these vulnerabilities, organisations must immediately patch affected DrayTek devices with the latest firmware. Disabling unnecessary remote access, implementing Access Control Lists and two-factor authentication, and monitoring for anomalies through syslog logging are all crucial steps,” said Daniel dos Santos, Head of Security Research at Forescout Research – Vedere Labs. “Network segmentation is also essential to contain any potential breaches and outdated devices should be replaced. ”

To learn more about DrayTek vulnerability findings, including a technical deep dive and mitigation strategies, Forescout has published the full research report and a summary blog.

For the latest Forescout research, visit the Forescout – Vedere Labs website.

Tags
Photo of CSA Editorial CSA Editorial Send an email October 11, 2024
2 minutes read
Photo of CSA Editorial

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.

Related Articles

Financial Phishing

Financial Phishing Continues to Be Menace to SEA Companies—Kaspersky

November 28, 2024
Keeper Security

Williams Racing Chooses Keeper Security to Safeguard Data in Formula 1’s High-Stakes, Data-Driven World

November 28, 2024
Trend Micro

Trend Micro Safeguards Cloud Data of Healthcare AI Innovation Leader

November 27, 2024
ThreatLabz

ThreatLabz Report: Singapore Is Second Most Targeted APJ Nation for Mobile Malware Attacks in 2024

November 27, 2024

Leave a Reply

Your email address will not be published. Required fields are marked *

(c) Asia Online Publishing Group 2024 - Media and PR enquiries - editor@aopg.net