Over 200,000 routers made by DrayTek are subject to a serious vulnerability, which could open companies up to network breaches.
The DrayTek Vigor 3910 is currently vulnerable to complete compromise by threat actors and is particularly at risk if it has an internet-facing management interface.
Researchers from cybersecurity firm Trellix identified the vulnerability within the model in a blog post, as well as within 28 other devices from DrayTek that share the same code base. They stressed that at present, there are no examples of threat actors in the wild using the vulnerability.
The researchers have warned companies that once routers are compromised, they leave a network open to malicious action such as intellectual property theft, stolen passwords, data breaches, or a ransomware attack.
DrayTek is a Taiwanese manufacturer of routers that cater to so-called ‘SoHo’ small and medium businesses (SMBs), with their products often used to provide remote-working employees with virtual private network (VPN) access.
Because of a logic bug in its code, threat actors can exploit the management interface of the affected routers by inputting a base64 encoded string as username and password when prompted. This causes a buffer overflow on its login page, allowing a takeover of the router’s ‘DrayOS’.
The attack can be undertaken over the router’s local area network (LAN). If the management interface of the router is configured to be internet facing, the attack can be carried out remotely over the internet.
Researchers have issued several recommendations, including keeping firmware up-to-date, preventing the management interface from being exposed to the internet if possible, and changing the password to any affected devices.
The vulnerability has been filed under CVE-2022-32548 and Trelix was quick to praise DrayTek for releasing a firmware patch within 30 days of being made aware of the issue.
“A firewall or other piecemeal cybersecurity tool is not a cybersecurity strategy. Small businesses must not underestimate their value to an attacker and adopt a mindset and strategy centred on when they will be targeted versus if," commented Philippe Laulheret, senior security researcher at Trellix.
"SMBs can't underestimate the value of their data and IP, or the potential for their edge devices to be leveraged in botnet attack, or even the risk of becoming a steppingstone for attackers to compromise SMBs' customer networks.”
-
M&S calls in NCSC after 'cyber incident' disrupts customer payments, online ordersNews Retail giant Marks & Spencer (M&S) has revealed it has been dealing with a “cyber incident” in recent days and apologized to customers amid disruption complaints.
-
Microsoft says workers should believe the hype with AI toolsNews Using AI tools paid dividends for some workers, but alternative research shows it could create problems for others down the line.
-
Edge devices are now your weakest link: VPNs, firewalls, and routers were the leading source of initial compromise in 30% of incidents last year – here’s whyNews Compromised network edge devices have rapidly emerged as one of the biggest attack points for small and medium businesses.
-
Hackers are targeting Ivanti VPN users again – here’s what you need to knowNews Ivanti has re-patched a security flaw in its Connect Secure VPN appliances that's been exploited by a China-linked espionage group since at least the middle of March.
-
Broadcom issues urgent alert over three VMware zero-daysNews The firm says it has information to suggest all three are being exploited in the wild
-
Nakivo backup flaw still present on some systems months after firms’ ‘silent patch’, researchers claimNews Over 200 vulnerable Nakivo backup instances have been identified months after the firm silently patched a security flaw.
-
Everything you need to know about the Microsoft Power Pages vulnerabilityNews A severe Microsoft Power Pages vulnerability has been fixed after cyber criminals were found to have been exploiting unpatched systems in the wild.
-
Billions of IoT devices will need to be secured in the next four years – zero trust could be the key to successNews Researchers have warned more than 28 billion IoT devices will need to be secured by 2028 as attacks on connected devices surge.
-
Cisco claims new smart switches provide next-level perimeter defenseNews Cisco’s ‘security everywhere’ mantra has just taken on new meaning with the launch of a series of smart network switches.
-
Five Eyes cyber agencies issue guidance on edge device vulnerabilitiesNews Cybersecurity agencies including the NCSC and CISA have issued fresh guidance on edge device security.
