DrayTek Routers Under Siege
DrayTek has recently released security updates for multiple router models, addressing 14 vulnerabilities of varying severity. Among these is a critical remote code execution (RCE) flaw, which has been assigned the maximum CVSS score of 10. Discovered by Forescout Research – Vedere Labs, these vulnerabilities affect both actively supported models and those that have reached their end of life. DrayTek’s swift response includes fixes for both categories due to the potential severity of the flaws.
Scope of the Vulnerabilities
Researchers have identified approximately 785,000 DrayTek routers that may be vulnerable, with over 704,500 of them having their web interface exposed to the internet—an alarming security risk.
Breakdown of Vulnerabilities
The majority of the vulnerabilities identified by Vedere Labs are medium-severity issues, including buffer overflow and cross-site scripting (XSS) problems, which typically require specific conditions to be exploited. However, five flaws stand out due to their significant risks and are summarized as follows:
FSCT-2024-0006: A buffer overflow vulnerability in the "GetCGI()" function that processes HTTP request data, potentially leading to denial of service (DoS) or remote code execution (RCE). (CVSS score: 10.0)
FSCT-2024-0007: A command injection vulnerability in the "recvCmd" binary, which facilitates communication between host and guest operating systems, allowing for potential VM escape. (CVSS score: 9.1)
FSCT-2024-0014: The backend web server’s use of a static string for seeding the pseudo-random number generator (PRNG) in OpenSSL could lead to information disclosure and man-in-the-middle (MiTM) attacks. (CVSS score: 7.6)
FSCT-2024-0001: The use of identical admin credentials across the system poses a risk of full system compromise if these credentials are obtained. (CVSS score: 7.5)
FSCT-2024-0002: An HTML page in the web UI mishandles input, creating reflected XSS vulnerabilities. (CVSS score: 7.5)
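FSCT-2024-0014 concerns a PRNG seeded from a constant string. The following Python is an added illustration, not DrayTek's code and not the value or code path in the affected firmware: it models a process that derives a "session token" from a PRNG seeded with a fixed string (the constant STATIC_SEED is a constructed stand-in), shows that every simulated restart replays the same token, and contrasts it with drawing from the operating system's entropy source. The has_repeats check is the kind of test an operator can run over values collected from a device across reboots, since repeated values that should be unique are the observable symptom of this flaw.

```python
import random
import secrets
from typing import List, Optional

# Constructed stand-in for a hard-coded seed string; not the real value.
STATIC_SEED = "constructed-static-seed-string"


def session_token(seed: Optional[str], nbytes: int = 16) -> str:
    """Return one token the way a freshly started process would.

    seed given:  the weak pattern, a PRNG seeded from a constant string,
                 so every process start replays the same sequence.
    seed None:   the correct pattern, bytes from the OS entropy source.
    """
    if seed is None:
        return secrets.token_hex(nbytes)
    rng = random.Random(seed)  # deterministic, non-cryptographic PRNG
    return rng.getrandbits(nbytes * 8).to_bytes(nbytes, "big").hex()


def first_tokens_after_restarts(restarts: int, use_os_entropy: bool = False) -> List[str]:
    """Simulate `restarts` process starts and collect the first token each produces."""
    seed = None if use_os_entropy else STATIC_SEED
    return [session_token(seed) for _ in range(restarts)]


def has_repeats(tokens: List[str]) -> bool:
    """Operator check: values that must be unique contain a duplicate."""
    return len(set(tokens)) != len(tokens)


if __name__ == "__main__":
    weak = first_tokens_after_restarts(5)
    good = first_tokens_after_restarts(5, use_os_entropy=True)
    print("static seed, repeats across restarts:", has_repeats(weak))
    print("OS entropy, repeats across restarts:", has_repeats(good))
```

The point of the contrast is that a PRNG is only as unpredictable as its seed: a constant seed makes every boot emit the same sequence, so anything built on it (session identifiers, nonces, keys) is known to whoever has seen one boot.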
Current Threat Landscape
As of now, there have been no reported cases of active exploitation of these vulnerabilities. Technical details have been withheld to give users adequate time to apply the necessary security updates.
Impacted Models and Firmware Updates
These vulnerabilities affect 24 different router models, with 11 models being past their end-of-life yet still receiving crucial fixes. Users can find the target firmware versions and the list of affected models in DrayTek's official download portal.
Exposed Devices
Vedere Labs found that over 704,500 DrayTek devices have their Vigor Web user interface publicly accessible, which should ideally only be reachable from a local network. Notably, nearly half of the exposed devices are located in the United States, but significant numbers are also present in the United Kingdom, Vietnam, the Netherlands, and Australia.
Recommended Actions for Users
In addition to applying the latest firmware updates, DrayTek users are encouraged to implement the following security measures:
Disable Remote Access: If not required, ensure remote access is disabled. If it is necessary, employ access control lists and two-factor authentication.
Monitor Settings: Regularly check for unauthorized changes, including the addition of new admin users or remote access profiles.
Disable SSL VPN: Turn off SSL VPN connections using port 443 to reduce exposure.
Enable Syslog Logging: Activate logging to monitor for any suspicious activity.
Secure Browser Access: Enable auto-upgrades to HTTPS on your web browser.
All DrayTek users should verify that their device's remote access console is disabled, as these interfaces are common targets for exploits and brute force attacks.
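The "Monitor Settings" and "Enable Syslog Logging" items above only pay off if someone actually reads the logs. The following Python is an added example, not DrayTek's code, of the detection logic a defender could run over a router's syslog feed: it flags new admin users, changes to remote access profiles, administrative logins from outside a trusted network, and repeated failed logins. The log lines are constructed for the example and their message wording, field names and the TRUSTED_NETS range are assumptions, not DrayTek's actual log format; the patterns would need adapting to what a given firmware emits.

```python
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines in a generic "<PRI>timestamp host tag: message" shape.
# The message wording is an assumption for this example, not DrayTek's real format.
SAMPLE_LOG = """\
<134>Oct  3 10:12:01 vigor-router auth: login ok user=admin from=192.168.1.20 via=web
<134>Oct  3 10:13:44 vigor-router config: added admin user=support by=admin from=198.51.100.7
<134>Oct  3 10:14:02 vigor-router config: remote access profile=wan-mgmt action=enabled by=admin from=198.51.100.7
<134>Oct  3 10:15:00 vigor-router auth: login failed user=admin from=203.0.113.5
<134>Oct  3 10:15:01 vigor-router auth: login failed user=admin from=203.0.113.5
<134>Oct  3 10:15:02 vigor-router auth: login failed user=admin from=203.0.113.5
<134>Oct  3 10:15:03 vigor-router auth: login failed user=admin from=203.0.113.5
<134>Oct  3 10:15:04 vigor-router auth: login failed user=admin from=203.0.113.5
<134>Oct  3 10:20:10 vigor-router auth: login ok user=admin from=198.51.100.7 via=web
"""

LINE_RE = re.compile(
    r"^<\d+>(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<tag>\w+): (?P<msg>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S+)")

# Networks from which administration is expected (assumed LAN range); anything
# else counts as a remote source.
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]
FAILED_LOGIN_THRESHOLD = 5


@dataclass
class Finding:
    rule: str
    source: str
    detail: str


def is_trusted(ip: str) -> bool:
    """True if the address falls inside one of the trusted management networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def parse(line: str) -> Optional[dict]:
    """Split one syslog line into timestamp, host, tag, message and key=value fields."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["kv"] = dict(KV_RE.findall(rec["msg"]))
    return rec


def analyse(log_text: str) -> List[Finding]:
    """Run the detection rules over a block of log text and return the findings."""
    findings: List[Finding] = []
    failures: Counter = Counter()  # failed logins per source address
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        tag, msg, kv = rec["tag"], rec["msg"], rec["kv"]
        src = kv.get("from", "?")
        if tag == "config" and msg.startswith("added admin user"):
            findings.append(Finding("new-admin-user", src,
                                    f"user={kv.get('user')} by={kv.get('by')}"))
        elif tag == "config" and msg.startswith("remote access profile"):
            findings.append(Finding("remote-access-change", src,
                                    f"profile={kv.get('profile')} action={kv.get('action')}"))
        elif tag == "auth" and msg.startswith("login ok") and not is_trusted(src):
            findings.append(Finding("admin-login-untrusted-source", src,
                                    f"user={kv.get('user')} via={kv.get('via')}"))
        elif tag == "auth" and msg.startswith("login failed"):
            failures[src] += 1
            if failures[src] == FAILED_LOGIN_THRESHOLD:  # fire once per source
                findings.append(Finding("brute-force-threshold", src,
                                        f"{FAILED_LOGIN_THRESHOLD} failed logins"))
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"{f.rule:30} from {f.source:15} {f.detail}")
```

On the sample input the rules raise four findings: the new "support" admin, the enabled remote access profile, the burst of failed logins from 203.0.113.5, and a successful admin login from a non-LAN address. The first two are exactly the "unauthorized changes" the advisory says to watch for; the last two are the signal a publicly reachable web UI produces before and after a successful brute-force attempt.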
Conclusion
The recent vulnerabilities identified in DrayTek routers highlight the critical importance of timely security updates and proactive measures. By staying informed and implementing recommended actions, users can significantly enhance the security of their networks and mitigate potential risks.
Source https://www.draytek.com