
Over 200,000 DrayTek routers vulnerable to total device takeover

The routers are popular with small and medium businesses, but are easily exploitable by threat actors seeking to steal data or launch ransomware


Over 200,000 routers made by DrayTek are subject to a serious vulnerability, which could open companies up to network breaches.

The DrayTek Vigor 3910 is currently vulnerable to complete compromise by threat actors and is particularly at risk if it has an internet-facing management interface. 

Researchers at cybersecurity firm Trellix disclosed the vulnerability in a blog post, identifying it in the Vigor 3910 and in 28 other DrayTek models that share the same code base. They stressed that, at the time of writing, there were no known examples of threat actors exploiting the vulnerability in the wild.

The researchers have warned companies that once routers are compromised, they leave a network open to malicious action such as intellectual property theft, stolen passwords, data breaches, or a ransomware attack.

DrayTek is a Taiwanese manufacturer of routers aimed at the small office/home office (‘SoHo’) and small and medium business (SMB) market; its products are often used to give remote-working employees virtual private network (VPN) access.

The flaw sits in the login page of the web management interface: the username and password submitted to the page are base64-decoded into a fixed-size buffer without their length being checked, so an over-long base64-encoded string supplied in either field causes a buffer overflow. That overflow can be turned into a takeover of the router’s ‘DrayOS’.

Because the overflow is triggered by the login form itself, the attack needs no valid credentials and can be carried out from the router’s local area network (LAN). If the management interface is configured to be internet facing, it can be carried out remotely over the internet as well.
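The bug class described above, as an added example that is not DrayTek’s code or Trellix’s proof of concept: a cut-down C model of a login handler that base64-decodes a submitted credential into a fixed-size buffer. The buffer size (64 bytes), the function names and the sample inputs are assumptions made for the illustration. The unchecked version reproduces the missing bound; the checked version rejects over-long input before writing a single byte and re-checks the bound on every group so a malformed string cannot slip past the up-front estimate.

```c
/* Illustrative reconstruction of the bug class, not DrayTek's code.
 * CRED_BUF, the function names and the sample inputs are assumptions. */
#include <stddef.h>
#include <string.h>

#define CRED_BUF 64   /* assumed size of the fixed-size decode buffer */

/* Map one base64 alphabet character to its 6-bit value, or -1 if invalid. */
static int b64_value(char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Bytes a padded base64 string decodes to: floor(3 * chars / 4) after
 * dropping trailing '=' padding. */
size_t b64_decoded_len(const char *in)
{
    size_t n = strlen(in);
    while (n > 0 && in[n - 1] == '=') n--;
    return (n * 3) / 4;
}

/* Decode one 4-character group into out[0..2]; returns bytes written (1..3)
 * or -1 on an invalid character or misplaced padding. */
static int decode_quad(const char *q, unsigned char *out)
{
    int v[4], pad = 0;
    for (int i = 0; i < 4; i++) {
        if (q[i] == '=') { v[i] = 0; pad++; }
        else if (pad) return -1;                      /* '=' only at the end */
        else if ((v[i] = b64_value(q[i])) < 0) return -1;
    }
    if (pad > 2) return -1;
    unsigned int bits = ((unsigned)v[0] << 18) | ((unsigned)v[1] << 12) |
                        ((unsigned)v[2] << 6) | (unsigned)v[3];
    out[0] = (bits >> 16) & 0xff;
    if (pad < 2) out[1] = (bits >> 8) & 0xff;
    if (pad < 1) out[2] = bits & 0xff;
    return 3 - pad;
}

/* VULNERABLE pattern: decodes straight into the fixed buffer and never compares
 * the running length against CRED_BUF. Any valid base64 string of 88 or more
 * characters decodes to more than 64 bytes and writes past the end of `out`.
 * Kept here only to show the missing check; never call it with long input. */
int login_decode_unchecked(const char *in, unsigned char out[CRED_BUF])
{
    size_t len = strlen(in), n = 0;
    if (len % 4 != 0) return -1;
    for (size_t i = 0; i < len; i += 4) {
        int k = decode_quad(in + i, out + n);   /* BUG: no bound on n + k */
        if (k < 0) return -1;
        n += (size_t)k;
    }
    return (int)n;
}

/* HARDENED version: refuse anything that cannot fit before touching `out`,
 * and bound every group as it is written. */
int login_decode_checked(const char *in, unsigned char out[CRED_BUF])
{
    size_t len = strlen(in), n = 0;
    if (len % 4 != 0) return -1;
    if (b64_decoded_len(in) > CRED_BUF) return -1;   /* overlong: reject */
    for (size_t i = 0; i < len; i += 4) {
        unsigned char tmp[3];
        int k = decode_quad(in + i, tmp);
        if (k < 0 || n + (size_t)k > CRED_BUF) return -1;
        memcpy(out + n, tmp, (size_t)k);
        n += (size_t)k;
    }
    return (int)n;
}

/* Constructed attacker input: 128 'A's, valid base64 that decodes to 96 zero
 * bytes, 32 more than CRED_BUF holds. */
const char *overlong_payload(void)
{
    static char payload[129];
    memset(payload, 'A', 128);
    payload[128] = '\0';
    return payload;
}

/* 1 if `in` decodes through the checked path to exactly `expected`, else 0. */
int checked_decodes_to(const char *in, const char *expected)
{
    unsigned char buf[CRED_BUF];
    int n = login_decode_checked(in, buf);
    return n == (int)strlen(expected) && memcmp(buf, expected, (size_t)n) == 0;
}

/* 1 if the checked path rejects `in` outright, else 0. */
int checked_rejects(const char *in)
{
    unsigned char buf[CRED_BUF];
    return login_decode_checked(in, buf) == -1;
}
```

The constructed string "YWRtaW4=" is the base64 encoding of "admin" and passes both paths; the 128-character payload would be written 32 bytes past the buffer by the unchecked path, while the checked path refuses it before decoding. The same up-front length test, plus a per-group bound, is the fix an auditor would look for in any handler that decodes attacker-supplied data into a fixed-size buffer.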

Trellix’s recommendations include keeping firmware up to date, not exposing the management interface to the internet where this can be avoided, and changing the passwords on any affected devices.

The vulnerability has been filed under CVE-2022-32548, and Trellix was quick to praise DrayTek for releasing a firmware patch within 30 days of being made aware of the issue.

“A firewall or other piecemeal cybersecurity tool is not a cybersecurity strategy. Small businesses must not underestimate their value to an attacker and adopt a mindset and strategy centred on when they will be targeted versus if," commented Philippe Laulheret, senior security researcher at Trellix. 

"SMBs can't underestimate the value of their data and IP, or the potential for their edge devices to be leveraged in a botnet attack, or even the risk of becoming a steppingstone for attackers to compromise SMBs' customer networks.”
